Communities Connected for Kids (CCK), a Florida-based organization that provides coordination and oversight of the child-welfare system, recently discovered a hack that lasted 7 months. In March 2019, one of CCK’s vendors noticed suspicious activity in one of its databases and reported the incident to CCK. CCK then hired a third-party forensic investigation team to look into the matter.
The investigation found that an unauthorized party had access to CCK’s database starting in August 2018. Exposed protected health information (PHI) may have included Social Security number, Medicaid number, medical record number, prescription information, medical and clinical information, health insurance information, financial information, name, date of birth, and contact information.
CCK officials have estimated that 501 individuals were affected by the breach; however, investigations are still underway. Once the investigation is completed, CCK will send out notification letters to affected individuals and offer them free credit monitoring for a year.
Protecting your PHI
It is not uncommon for data breaches to go undetected for months, but the longer your data is exposed, the more risk you incur. This is why it is imperative to have measures in place to properly safeguard PHI.
The Department of Health and Human Services (HHS) requires any organization working with PHI to have physical, technical, and administrative safeguards in place:
- Physical Safeguards: protect the physical security of your offices where PHI or ePHI may be stored or maintained. Common examples of physical safeguards include alarm systems, security systems, and locking areas where PHI or ePHI is stored.
- Technical Safeguards: protect the cyber-security of your business. Technical safeguards must be implemented to protect the ePHI that your business maintains. Examples of technical safeguards include firewalls, encryption, and data backup.
- Administrative Safeguards: ensure that staff members are properly trained to uphold the security measures you have in place. Administrative safeguards should include policies and procedures that document the security safeguards you have in place, as well as employee training on those policies and procedures to ensure that they are being properly executed.
Compliancy Group Can Help!
Need assistance with your HIPAA compliance? Compliancy Group can help! Our cloud-based compliance software, the Guard™, gives you the flexibility to work on your HIPAA compliance from anywhere that has Wi-Fi. Our expert Compliance Coaches® will guide you through our six-stage implementation process, enabling you to Achieve, Illustrate, and Maintain™ HIPAA compliance.