Loss Scenario: Hackers Access Unencrypted PHI

Content provided by AHA Endorsement partner: Chubb

Learn the potential risks a health care organization loss scenario can present, and how Chubb can save you time, money and liability.


DESCRIPTION OF EVENT
A physician office’s server, which contained unencrypted protected health information (PHI) for 2,500 patients, was accessed by hackers and encrypted. The hackers subsequently made an extortion demand of $50,000 to decrypt the information and return control of the server to the physician’s office.

RESOLUTION
After retaining a negotiator at a cost of $45,000 and complying with the hackers’ financial demand, control of the server was returned to the physician’s office. Thereafter, the practice incurred $85,000 in expenses associated with notifying patients regarding the event, hiring a public relations firm, establishing a call center, providing monitoring services, and retaining independent counsel to assess notice and compliance obligations. A subsequent audit from the Office of Civil Rights resulted in a $75,000 fine to the practice under the Health Information Technology for Economic and Clinical Health (HITECH) Act for not having encrypted the PHI.

Could this happen to your organization? Contact a trusted Chubb agent or broker.