Medical supply giant Fresenius Medical Care fined $3.5 million for five data breaches
Medical supplies giant Fresenius Medical Care North America (FMCNA) agreed to pay $3.5 million to U.S. federal regulators after five separate data breaches in 2012. The U.S. Department of Health and Human Services Office for Civil Rights levied the fine along with a corrective action plan to settle potential violations of the Health Insurance Portability and Accountability Act (HIPAA) Privacy and Security Rules. A federal investigation found the company failed to conduct an accurate risk analysis of vulnerabilities to its protected information. FMCNA filed five breach reports in January 2013 covering incidents from February-July 2012 impacting the electronic protected health information for five FMCNA-owned branches across the United States. The list of violations is long. One branch didn’t encrypt sensitive information, another had no policies around removing hardware from facilities, two businesses had no safeguards against unauthorized access or theft while yet another had no procedure to address security incidents, according to the federal investigation. “The number of breaches, involving […]
The post Medical supply giant Fresenius Medical Care fined $3.5 million for five data breaches appeared first on Cyberscoop.