ProactiveIT Ep 8 – The New Trend in HIPAA Breach Costs

Scott Gombar

5 years ago

Episode 8 Patch Tuesday for Everyone, the new trend in HIPAA breach costs and the HIPAA Omnibus Rule.

https://proactiveitpodcast.s3.amazonaws.com/ep8.mp3?_=1

Subscribe: RSS

This is the ProactiveIT Podcast. This Week: The latest in IT and Cyber Security news plus Patch Tuesday for Everyone, the new trend in HIPAA breach costs and the HIPAA Omnibus Rule.

This is Episode EIGHT! Play some music

Intro

Hi Everyone and welcome to the Proactive IT Podcast. Each week we talk about the latest in tech and cyber news, compliance and more. We also bring you real world examples to learn from so that you can better protect your business and identity.

This podcast is brought to you by Nwaj Tech – a client focused & security minded IT Consultant located in Central Connecticut. You can find us at nwajtech.com.

Patch Tuesday Update:

Firefox 71

Chrome 79

Apple

Microsoft

Intel

Samba

https://www.us-cert.gov/ncas/current-activity

Cyber Security News

UPDATE ON LOUISIANA Ransomware Attack
https://www.msspalert.com/cybersecurity-breaches-and-attacks/ransomware/louisiana-update-75-of-motor-vehicle-offices-still-closed/?utm_medium=email&utm_source=sendpress&utm_campaign

https://krebsonsecurity.com/2019/12/ransomware-at-colorado-it-provider-affects-100-dental-offices/

https://techcrunch.com/2019/12/09/birth-certificate-applications-exposed/

https://threatpost.com/ge-dunkin-forever21-internal-doc-leak/150920/

https://www.bleepingcomputer.com/news/google/chrome-79-released-with-security-improvements-proactive-tab-freeze-and-more/

https://www.businessinsider.com/facebook-contractor-bribe-restored-banned-accounts-report-2019-12?utm_content=buffer22867&utm_medium=social&utm_source=facebook.com&utm_campaign=buffer-bi&fbclid=IwAR326LoKx8YHNHTAghMAhqOPMk4_UBRezZ8C9E7huty_CmiV5rNOhXURmrs

https://thehackernews.com/2019/12/wordpress-elementor-beaver.html

https://nakedsecurity.sophos.com/2019/12/13/youtube-bans-malicious-insults-veiled-threats-harassment/

Topic 1: https://nwajtech.com/1-way-hipaa-breaches-might-cost-more-than-a-fine/
https://cyware.com/news/banner-health-reaches-6-million-settlement-to-resolve-lawsuits-pertaining-to-2016-data-breach-09850471

Topic 2: https://cyware.com/news/how-do-phishing-techniques-work-researchers-shine-a-light-on-some-clever-phishing-techniques-64f84d87

Topic 3: https://cyware.com/news/heres-a-look-back-at-data-breaches-in-2019-that-occurred-due-to-rogue-employees-f8fa4ff9

HIPAA Corner: HIPAA Omnibus (Sept 23 2013)

https://www.youtube.com/watch?v=mX-QL9PoePU

New Rights to Individual Health Information
- Patients can now ask for their medical record in electronic form
- If patient pays out of pocket they can request that their information not be shared with their insurance provider.
- Sets new rules for how information is shared for marketing and fundraising, and prohibits the sale of an individual’s health information without authorization.
Makes Business Associates liable for HIPAA violations for the first time (many BAs are not aware of this). BAs are now held accountable by consumers and HHS to safeguard PHI the same way a Covered Entity would.
This rule extends to sub-contractors of Business Associates
Requires Covered Entities to Report Breaches to HHS (within 60 days) unless they can demonstrate that there is a low risk to impacted patients (such as a stolen laptop with encryption).
Sets enforcement guidelines including 4 tiers of fines based on culpability. Repeat negligence in the same calendar year can be fined up to $1.5 million dollars. Negligence can also cost up to $50,000 per record breached.

Breaches

https://www.hipaajournal.com/category/hipaa-breach-news/

Transcription (Unedited)