Breaking Compliance News Blog

*HIPAA ALERT* Unpatched Software Leads to $150,000 Settlement

Posted by Margaret Scavotto, JD, CHC on 12/9/14 11:26 AM

Anchorage Community Mental Health Services (ACMHS) entered a $150,000 settlement with the Office of Civil Rights (OCR) to resolve potential HIPAA Security Rule violations. ACMHS reported a breach involving 2,743 patients.

Upon investigating, the OCR found:

  • The breach was caused by malware.
  • ACMHS adopted "sample" HIPAA Security policies and procedures in 2005, but did not follow them.
  • ACMHS did not regularly conduct software updates with patches.
  • ACMHS used outdated, unsupported software.

OCR Director Jocelyn Samuels stated: “Successful HIPAA compliance requires a common sense approach to assessing and addressing the risks to ePHI on a regular basis... This includes reviewing systems for unpatched vulnerabilities and unsupported software that can leave patient information susceptible to malware and other risks.”

Are you prepared?

The OCR provides a free HIPAA Security Rule Risk Assessment Tool on its website to help providers achieve security compliance and avoid HIPAA penalties. Are you prepared for HIPAA audits?
