Yesterday New York-Presbyterian Hospital and Columbia University agreed to pay $4.8 million to settle allegations that they failed to protect the electronic health information of thousands of patients. It was the largest HIPAA settlement ever made.
New York-Presbyterian and Columbia operate a shared network and firewall administered by employees of both organizations. The breach occurred when a single physician at Columbia tried to deactivate his personal computer server on the same network that contained New York-Presbyterian health information. Apparently, he was better at health care than computers. His effort made the patient information accessible on the internet through search engines.
The resulting investigation by the Office of Civil Rights showed that, before the breach, the hospitals had made insufficient efforts to ensure that the server was secure and had adequate software protections.
Today’s post was contributed by Norman G. Tabler, Jr.