The Largest Data Breach Settlement of All Time
Every second, nearly 45 data records are lost or stolen.
When this occurs in a business, all their records are put at risk.
This also puts the clients’ personal information at high risk.
Not only does it create distrust between the company and its customers, it also comes with a high price tag.
Unfortunately, data breaches happen all too often.
Advocate Health Care and the U.S. Department of Health and Human Services settled in what is called the largest settlement of all time.
The Largest Settlement to Date
The U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) settled at $5.5 million with Advocate Health Care.
Advocate Health Care violated the Health Insurance Portability and Accountability Act (HIPAA).
HIPAA protects personal health information from falling into the wrong hands. Health care providers are responsible for the safety of their patients’ private information.
Over 4 million patients’ personal information was stolen. This information included their health insurance information, names, addresses and credit card numbers.
The exposure came after the first incident in August 2013. Four desktop computers were stolen from an Advocate Health office in Park Ridge, Illinois.
These computers contained the records of millions of local patients.
The second incident occurred in the periods between June and August of 2013.
Hackers gained access to the network of the billing service used by Advocate Health. This incident exposed the health records of over 2,000 patients.
On November 1, 2013, another breach occurred.
Yet another computer was stolen from a vehicle. This incident exposed 2,230 patients’ protected health information.
After Advocate reported these breaches, the HHS began an investigation.
Laws are in place that require health providers to protect their patients’ health information.
The HHS found that Advocate Health violated these laws.
The OCR found that Advocate Health unsuccessfully:
- researched the potential risks relating to the protection of protected health information
- enacted policies and procedures to limit the access of electronic systems
- safeguarded laptop computers that were kept in unlocked vehicles
The department found Advocate Health Care at fault for not securing a written contract from their billing subsidiary.
This written contract should have stated that they would protect any electronic protected health information within its custody.
Advocate Health has responded, stating that:
“As all industries deal with the ever-evolving digital landscape and the impact it has on security, we’ve enhanced our data encryption measures to prevent this type of incident from reoccurring.”
Advocate Health Care Network includes more than 250 treatment locations. This includes ten hospitals and two children’s hospitals.
This makes it one of the largest healthcare providers in the state of Illinois.
Advocate Medical Group (AMG) is a branch of Advocate Health Care.
AMG provides primary care services, medical imaging, and specialty health care services.
This medical group services the larger Chicagoland area.
With new technology, data breaches are becoming more common than ever before.
Health providers need to further protect themselves as well as their patients. Health providers may seek help from a data breach lawyer.