Communities Connected for Kids (CCK), a Florida-based organization that provides coordination and oversight of the child-welfare system, recently discovered a hack that lasted 7 months. In March 2019, one of CCK’s vendors noticed suspicious activity in one of its databases and reported the incident to CCK. Subsequently, CCK hired a third-party forensic investigation team to look into the HIPAA breach.
Through the investigation, it was discovered that an unauthorized party had access to CCK’s database starting in August 2018. Exposed protected health information (PHI) may have included Social Security number, Medicaid number, medical record number, prescription information, medical and clinical information, health insurance information, financial information, name, date of birth, and contact information.
CCK officials have estimated that 501 individuals were affected by the HIPAA breach; however, investigations are still underway. Once the investigation is completed, CCK will send out notification letters to affected individuals and offer them free credit monitoring for a year.
Protecting your PHI
It is not uncommon for data breaches to go undetected for months, but the longer your data is exposed, the more risk you incur. This is why it is imperative to have the proper measures in place to safeguard PHI.
The Department of Health and Human Services (HHS) requires any organization working with PHI to have physical, technical, and administrative safeguards in place:
- Physical Safeguards: protect the physical security of your offices where PHI or ePHI may be stored or maintained. Common examples of physical safeguards include alarm systems, security systems, and locking areas where PHI or ePHI is stored.
- Technical Safeguards: protect the cybersecurity of your business. Technical cybersecurity safeguards must be implemented to protect the ePHI that is maintained by your business. Examples of technical safeguards include firewalls, encryption, and data backup.
- Administrative Safeguards: ensure that staff members are properly trained to uphold the security measures you have in place. Administrative safeguards should include policies and procedures that document the security safeguards you have in place, as well as employee training on those policies and procedures to ensure that they are being properly executed.
Compliancy Group Can Help!
Need assistance with your HIPAA compliance? Compliancy Group can help! Our cloud-based compliance software, the Guard™, gives you the flexibility to work on your HIPAA compliance from anywhere that has WiFi. Our expert Compliance Coaches™ will guide you through our implementation process, enabling you to Achieve, Illustrate, and Maintain™ HIPAA compliance.