Share this article on:
Following what it calls a “singular human error”, a US healthcare service provider has been fined US$350,000 following a data breach that saw the records of nearly 231,000 people revealed on an unsecured FTP server.
The Department of Health and Human Services’ Office for Civil Rights (OCR)began its investigation in 2018 under the auspices of the Health Insurance Portability and Accountability Act (HIPAA).
The company, MedEvolve, has agreed to pay the fine and has confirmed that it will “implement a corrective action plan” to make sure such an incident does not happen again and that it will work harder to secure patient health information held in its systems.
The initial incident saw the patient data of two of MedEvolve’s clients, the office of Dr Beverly Held and Premier Immediate Medical Care. The affected data included names and addresses, telephone numbers and email addresses, health insurance details, doctor account numbers, and in some cases, Social Security numbers.
The data was unsecured for four months and was viewed by at least one unauthorised person.
“Ensuring that security measures are in place to protect electronic protected health information where it is stored is an integral part of cyber security and the protection of patient privacy,” said OCR director Melanie Fontes Rainer in an announcement. “HIPAA-regulated entities must ensure that they are not leaving patient health information unsecured on network servers available to the public via the internet.”
MedEvolve has said the incident has had no impact on its own healthcare solutions.
“The incident was a result of a data file that was inadvertently placed on [an] FTP server that was separate from our client hosting environment,” the company said in a statement.
“The server was immediately secured upon discovery of the file, and no malicious use of patient information has ever been detected.”
David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.