Extent of the Sound Generations Breach
Sound Generations assured the public that they do not “collect or store any of its client’s Social Security Numbers, drivers’ license numbers, financial account information, credit or debit card information.” As of the date of their statement, there have been no reports that the data accessed without authorization was used to commit fraud.
Response to the Sound Generations Breach
Following the investigation of the incidents, Sound Generations stated they have “greatly enhanced its cybersecurity controls, including changing passwords and installing additional security on its systems.”
They also advised affected individuals to remain vigilant for incidents of fraud and identity theft and notify financial institutions if they suspect unauthorized account activity.
Takeaways From the Sound Generations Breach
While it may not be possible to eliminate breaches entirely, every organization regulated by HIPAA is required to make its best good-faith effort to protect patient PHI. That is only possible with a program to achieve and maintain HIPAA compliance.
Business associates and healthcare providers must meet all of the standards defined by HIPAA’s thousands of pages of regulations. Failure to do so can result in crippling fines that would threaten the future of your organization.
OCR does not issue fines because of breaches. Fines are issued because of violations of HIPAA guidelines that are uncovered during the investigative process.
If you need assistance getting your business HIPAA compliant, Compliancy Group has a simple, stress-free solution that includes individual coaching and support during the process and afterward.