DOTmed Home MRI Oncology Ultrasound Molecular Imaging X-Ray Cardiology Health IT Business Affairs
News Home Parts & Service Operating Room CT Women's Health Proton Therapy Endoscopy HTMs Pediatrics
SEARCH
Endroit courant :
>
> This Story


Ouverture ou Registre to rate this News Story
Forward Printable StoryPrint Comment
advertisement

 

advertisement

 

U.S. Healthcare Homepage

Observations after 20 years of single-use device reprocessing Insights on the ongoing battle to safely increase market competition

Covera Health and Walmart partner to help connect patients with better radiology care Avoid unnecessary and misguided treatments

CyberKnife ads in NY subway raise 'direct-to-consumer' marketing questions at AUA The crossroads of medical accuracy and promotional language

Court denies Hologic's attempt to halt sale of Minerva's ablation solution Follows a drawn out case over patent infringement

FDA ending controversial 'alternative summary reporting' program Announces decision in statement addressing breast implant safety

Radiology Partners and Banner Health team up to establish Banner Imaging Provides imaging services throughout the metro Phoenix area

Radiation oncologists appeal to Congress to safeguard radiotherapy treatment Protecting cancer patients' access to value-based care

Elekta sues ZAP Surgical Systems, claiming patent infringement Over design and sale of ZAP's radiosurgery platform

DR now makes up over 80 percent of US general radiography install base Up from only half in 2015

Ex-Marlboro Hospital radiologist sues UMass for $1 million over discrimination Cites age, gender and nationality discrimination in eight-count suit

Touchstone Medical Imaging to pay $3 million settlement for security breach

par John R. Fischer , Staff Reporter
A medical imaging service provider in Tennessee has agreed to pay $3 million to the Office of Civil Rights (OCR) at the U.S. Department of Health and Human Services as a settlement for a security breach that exposed the protected health information of more than 300,000 patients.

The result of an FTP server providing uncontrolled access to patients’ personal health information, the breach at Touchstone Medical Imaging led to the leaking of names, birth dates, social security numbers, and addresses among other information. The details were accessed and indexed by search engines, and remained on the internet even after the server was taken offline.

Story Continues Below Advertisement

THE (LEADER) IN MEDICAL IMAGING TECHNOLOGY SINCE 1982. SALES-SERVICE-REPAIR

Special-Pricing Available on Medical Displays, Patient Monitors, Recorders, Printers, Media, Ultrasound Machines, and Cameras.This includes Top Brands such as SONY, BARCO, NDS, NEC, LG, EDAN, EIZO, ELO, FSN, PANASONIC, MITSUBISHI, OLYMPUS, & WIDE.



“This information in the wrong hands could lead to identity theft, credit fraud, medical fraud, targeted phishing and a number of other attacks that take advantage of personal information,” Mac McMillan, CEO and president at cybersecurity consulting firm CynergisTek, told HCB News. “Moving forward, improving basic cyber hygiene, testing and monitoring their systems proactively will help to avoid this type of misstep. Improving incident response to include relations with Federal authorities trying to help you will also help mitigate risk.”

Notified by the FBI of the breach in May 2014, as well as OCR, Touchstone initially claimed that no patient PHI was exposed, only to later admit that the information of more than 300,000 patients was breached.

An investigation by OCR found that Touchstone waited several months to investigate after being notified of the breach by both the FBI and OCR, preventing patients from being alerted in a timely manner. It also discovered that the Franklin-based practice failed to conduct accurate and thorough risk analyses for potential risks and vulnerabilities within the confidentiality, integrity and availability of its electronic PHI, and that it did not have business associate agreements set up with its vendors, including its IT support vendor and a third-party data center provider, as required by HIPAA.

“Basically, Touchstone failed in its responsibility to understand its risk from its supply chain partners and their partners, which is not uncommon in healthcare. Simply having a business associate agreement is only the first step,” said McMillan. “Organizations need to articulate security requirements in contract documents, perform pre- and post-security reviews, and require vendors to provide updates when anything changes that could impact the security of their data. That includes downstream subcontractors to their supply chain partner.”
  Pages: 1 - 2 >>

U.S. Healthcare Homepage


You Must Be Logged In To Post A Comment

Publicité
Développez la notoriété de votre marque
Enchères + Ventes Privées
Obtenir le meilleur prix
Acheter des équipement / pièces
Trouver le meilleur prix
Infos du jour
Lire Les dernières nouvelles
Annuaire
Consulter tous les utilisateurs DOTmed
Éthique concernant DOTmed
Voir notre programme d'éthique
L'or partie le programme de fournisseur
Recevoir des demandes PH
Programme de marchand de service d'or
Recevoir des demandes
Fournisseurs de soins de santé
Voir tous les outils des HCP (abréviation pour les professionnels de la santé)
Les travaux/Formation
Trouver / combler un poste
Parts Hunter +EasyPay
Obtenir des devis de pièces
Certification Récentes
Voir les utilisateurs récemment certifiés
Evaluation Récentes
Voir les utilisateurs récemment certifiés
Central de location
Louer de l’équipement à moindre prix
Vendre des équipements / pièces
Obtenir le maximum d'argent
Service le forum de techniciens
Trouver de l'aide et des conseils
Simple demande de propositions
Obtenir des devis pour des appareils
Expo Virtuelle
Trouver des services d'appareils
L'Access et l'utilisation de cet emplacement est sujet aux modalités et aux conditions du notre de nos MENTIONS LEGALES & DONNEES PERSONELLES
Propriété de et classe des propriétaires DOTmedà .com, inc. Copyright ©2001-2019 DOTmed.com, Inc.
TOUS DROITS RÉSERVÉS