A data breach can be costly. You can ask the University of Mississippi Medical center just how costly it can be. On March 21, 2013 a U-Miss Medical Center privacy officer found that a password-protected laptop was missing from UMMC’s Medical Intensive Care Unit and notified the Department of Health and Human Services Office for Civil Rights. Three years later, the Medical Center is being fined $2.75M for HIPAA violations due to this incident. Approximately 10,000 people were affected by the PHI breach.
Investigation revealed that UMMC was aware of risks and vulnerabilities to its systems as far back as April 2005, yet took no preventative action. This is perhaps the most alarming information in this event and think it should be a lesson learned. If you’re part of an organization that handles sensitive data, and you are seeing security vulnerabilities, speak up! Security is everyone’s responsibility.