
Tennessee clinic fined $3 million five years after leaking patient data

Filip TRUȚĂ

May 07, 2019


A data leak that occurred five years ago has come back to haunt a Tennessee medical practice in the form of a multimillion-dollar fine.

Touchstone Medical Imaging, a provider of diagnostic imaging services in the United States, has been fined $3 million by the Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS) after investigators concluded that the clinic had been negligent in handling sensitive health records.

According to the HHS press release, in May 2014, Touchstone was notified by the FBI and OCR that its servers were leaking patient health information (PHI) on the Internet.

“This uncontrolled access permitted search engines to index the PHI of Touchstone’s patients, which remained visible on the Internet even after the server was taken offline,” according to the report.

Faced with these claims, Touchstone initially denied it was exposing patient health records. But an investigation into the matter later revealed that Touchstone had indeed mishandled more than 300,000 records, exposing names, birth dates, social security numbers and residential addresses on the web.

Touchstone reportedly took “several months” to even begin to investigate the leak, leaving patients vulnerable to fraud, blackmail and other types of risks associated with hackers getting their hands on such data.

“OCR’s investigation further found that Touchstone failed to conduct an accurate and thorough risk analysis of potential risks and vulnerabilities to the confidentiality, integrity, and availability of all of its electronic PHI (ePHI), and failed to have business associate agreements in place with its vendors, including their IT support vendor and a third-party data center provider as required by HIPAA,” the HHS wrote.

In addition to paying the $3 million fine, Touchstone has been instructed to undertake “a robust corrective action plan,” including an enterprise-wide risk analysis. As of this writing, Touchstone’s website was down.
