The U.S. Department of Health and Human Services is penalizing the University of Mississippi Medical Center $2.75 million for a health data breach.

The hospital also must implement a three-year corrective plan to address shortcomings found in an investigation.

Stolen laptop

The Hill reports that the fine was imposed for a series of violations of Health Insurance Portability and Accountability Act privacy and security requirements. The hospital agreed to settle with HHS's Office for Civil Rights, without admitting liability, in the case of a password-protected laptop that was stolen, probably by a visitor to the hospital's intensive care unit who had asked to borrow the laptop.

Although the laptop itself was protected by a generic username and password, it allowed easy access to the hospital network and to the private health data for 10,000 patients. The laptop was assigned to the intensive care unit, and although individual logins were required to access the network, no such barrier stood between a user and the patient record database.

