HHS Issues Yet Another Big HIPAA Breach-Related Fine

HHS Issues Yet Another Big HIPAA Breach-Related Fine

Tennessee-based CHSPSC LLC, a unit of Community Health Systems Inc. that provides IT and health information services to the system’s hospitals and clinics, has agreed to pay $2.3 million to settle a case tied to a 2014 breach affecting 6.1 million individuals.

CHS’s affiliates own, operate or lease 93 hospitals in 16 states, the company’s website notes.

In a statement Wednesday, the Department of Health and Human Services’ Office for Civil Rights says CHSPSC LLC has also agreed to adopt a corrective action.

OCR notes that in April 2014, the FBI notified CHSPSC that the Chinese advanced persistent threat group known as APT 18 had attacked the company’s systems. “Despite this notice, the hackers continued to access and exfiltrate the protected health information of [millions of] individuals until August 2014,” OCR says. “The hackers used compromised administrative credentials to remotely access CHSPSC’s information system through its virtual private network.”

OCR says its investigation found “longstanding, systemic noncompliance with the HIPAA




Next Article

Did you find this useful?

Medigy Innovation Network

Connecting innovation decision makers to authoritative information, institutions, people and insights.

Medigy Logo

The latest News, Insights & Events

Medigy accurately delivers healthcare and technology information, news and insight from around the world.

The best products, services & solutions

Medigy surfaces the world's best crowdsourced health tech offerings with social interactions and peer reviews.


© 2024 Netspective Media LLC. All Rights Reserved.

Built on Mar 28, 2024 at 3:00am