Today the Columbus Dispatch reported that hackers had broken in the Ohio University health center for the third time during the past 3 weeks. Some of the people whose information was taken have already noticed their information being used fraudulently. The potential exists for the information to continue to be used in the coming months…if it hasn’t been misused yet, it certainly is no assurance that it will not be misused.
The Department of Health and Human Services indicated they are going to investigate to see if HIPAA requirements have been violated.
Appears there have been some sanctions applied as a result…
"Three OU officials have been placed on paid administrative leave to help ensure a "full and fair" audit, OU spokesman Jack Jeffery said. The action is not disciplinary, and the employees are not suspected of wrongdoing, he said. Duane Starkey, director of computer services; John Beam, assistant director of computer services; and Steve Ray, server administrator, were suspended Friday."
Technorati Tags
regulatory compliance
information security
data protection law
HIPAA
hackers
privacy