Athens Orthopedic Clinic (GA) will pay the HHS Office of Civil Rights $1.5 million to settle potential HIPAA violations related to a 2016 data breach by The Dark Overlord, who demanded $335,000 in exchange for destroying stolen copies of 200,000 patient records.
The hacker accessed AOC’s system for over a month using stolen SRS credentials.
The clinic refused to pay, as did other providers who were victims of the same extortion scheme, and later said it couldn’t afford to pay for free credit monitoring services for affected patients. (Mr. H pointed out at the time that credit monitoring services would have cost less than the hacker’s demand – an observation that now seems moot given the hefty HHS penalty.)
AOC’s negligence included failing to:
- Conduct risk analyses.
- Implement risk management and audit controls.
- Maintain HIPAA policies and procedures.
- Secure BAAs with multiple associates.
- Provide proper staff training.
HIStalk Practice Announcements and Requests
I’ll be heading into the North Georgia mountains this week to celebrate the start of fall, so HIStalk Practice won’t publish again until September 28. While I’m not as experienced a camper as Dr. Jayne, I have learned how to enjoy myself “roughing” it in the woods. And by that I mean power hook-ups, a heated bathhouse, and a cute general store with plenty of s’mores fixins’.
September 30 (Wednesday) 11 ET. “The Hidden Threat: New Research on Security Vulnerabilities and Privacy Gaps in Healthcare Apps.” Sponsors: Verimatrix, NowSecure. Presenters: Neal Michie, MEng, director of product management, Verimatrix; Brian Lawrence, director of solution engineering, NowSecure. The presenters will share research on the security risk profile of 1,000 healthcare apps in managing patient privacy, how they compare to those in other industries, and where the biggest vulnerabilities lie. Attendees will learn how to make their healthcare apps more secure in managing protected health information.
Previous webinars are on our YouTube channel. Contact Lorre to present your own.
Acquisitions, Funding, Business, and Stock
Conversion Labs wraps up an equity investment round of $3.5 million and announces plans to list on the Nasdaq. The telemedicine and prescription delivery company offers direct-to-consumer services for hair loss, erectile dysfunction, and immune system support using its proprietary Veritas MD telemedicine software.
HealtheMed raises an undisclosed amount of seed capital to scale its remote patient monitoring technology for Medicaid patients in Minnesota. The company is partnering with Best Buy’s Geek Squad to install smart TVs and medication dispensing devices. Patients and their providers will also have access to HealtheMed’s cloud-based EHR.
Announcements and Implementations
Health IT vendor MedInformatix announces GA of MI Contact, app-based CRM software designed to help practices manage contacts and marketing budgets, and generate leads.
In Oregon, Marion County Health & Human Services selects EnSoftek’s DrCloudEHR.
The Delaware Department of Health and Social Services leverages technology from Appriss Health to develop a behavioral health referral portal for people seeking treatment for mental health or substance use disorders.
The American Board of Telehealth launches the Clinical, Operational, Regulatory and Ethics (CORE) Concepts in Telehealth Certificate Program. The online course offers CME-accredited content that is geared towards healthcare workers, students, administrators, and those involved in telemedicine.