HIPAA Breach Leads to $400,000 Settlement

Apr 25, 2017 | HIPAA Risk Assessment, phishing, ransomware

[vc_row][vc_column][vc_column_text]In the 2017 Experian Data Breach Industry Forecast*, healthcare is highlighted as one of the top 5 data breach trends for 2017. “Healthcare organizations will be the most targeted sector with new, sophisticated attacks emerging.” They emphasize the need to act: “Healthcare organizations of all sizes and types need to ensure they have proper, up to date security measures in place, including contingency planning for how to respond to a ransomware attack and adequate employee training about the importance of security.”

An example of this trend can be found on our HIPAA Risk Advisor Tool provider’s blog:

Last week OCR announced a settlement with Metro Community Provider Network (MCPN) from Denver, Colorado following a data breach that exposed ePHI for 3,200 individuals. The settlement included a $400,000 fine and the implementation of a corrective action plan. Additional details can be found in the press release.

“On January 27, 2012, MCPN filed a breach report with OCR indicating that a hacker accessed employees’ email accounts and obtained 3,200 individuals’ ePHI through a phishing incident. OCR’s investigation revealed that MCPN took necessary corrective action related to the phishing incident; however, the investigation also revealed that MCPN failed to conduct a risk analysis until mid-February 2012.”


MCPN filed a breach report at the end of January 2012, but did not conduct a risk analysis until mid-February.

    • Lesson #1 – Risk analysis is more effective before a breach. Once MCPN started doing risk analyses, they did not sufficiently address Security Rule requirements.
    • Lesson #2 – Utilize HIPAA experts rather than taking a do-it-yourself approach to risk assessments and analysis. There are many free tools available to assess HIPAA risk, but without the aid of subject matter experts, your remediation plans may fall short.


HIPAA Risk Advisor is a cloud-based platform that simplifies and accelerates HIPAA compliance initiatives. HIPAA Risk Advisor includes an automated security risk assessment tool and access to a dedicated HIPAA security expert to navigate you through the entire process, providing a risk and gap analysis with recommendations to improve security.  

Great Lakes Computer is a provider of the HIPAA Risk Assessment Tool. Contact us today to learn more.

*View the Full Report here.

Click the link Managed IT services if you would like more information.[/vc_column_text][/vc_column][/vc_row]