On January 5th, wireless company T-Mobile discovered that hackers had accessed the data of about 37 million of its customers. The data accessed included names, birth dates, emails, phone numbers and billing addresses, which in the healthcare industry can be considered protected health information (PHI) when connected to the treatment of a patient.

Although T-Mobile doesn’t believe its systems were breached, with the data instead gathered through an API (application programming interface), this incident shows that even the biggest players in the technology industry are not invincible. This is the second time that T-Mobile has been affected by hackers, the first incident being a security lapse in 2021 that affected about 76.6 million customers, with 50 million of those having their personal information put up for sale on the web.

Who claimed responsibility for the first hack? A 21-year-old American living in Turkey, who said that the wireless company’s security practices left him an easy path to steal the data, which in that breach consisted of Social Security numbers, birth dates and phone-specific information. Although T-Mobile apologized and promised to improve its data safeguards, 76.6 million people can’t take back information that has been broadcast on the internet.

What Does This Have to Do With HIPAA?

What we can learn from this incident is that even the largest firms in the world, with plenty of money to implement top-tier security measures, are vulnerable to hackers and data breaches. Whether you are a solo practitioner or the compliance officer for a large healthcare system, there are threats out there just waiting to take advantage of a misstep in your security safeguards. 

Using a tool like Compliancy Group’s The Guard™, you can ensure that you have the appropriate measures in place to protect your organization under HIPAA regulations. We help you track the exact security measures needed to protect patient data, and provide recommendations on tools and services that you can add to your practice’s technology.

If a breach ever does occur at your company, the Department of Health and Human Services (HHS) Office for Civil Rights (OCR) will look into the incident to determine whether or not it could have been prevented.

While the OCR won’t fault an organization for being breached, if its investigation determines that you failed to meet HIPAA standards, you are likely to be fined and subject to corrective action.

Compliancy Group’s documentation and tracking can help prove to the government that you have made your “good faith effort” towards compliance, and our track record of a 100% audit success rate can help you sleep worry-free at night. 
