Vermont attorney general TJ Donovan has announced he will fine the Cary, North Carolina-based company SAManage USA Inc. $264,000 as part of a settlement agreement with the data management company stemming from a breach involving the state’s Healthcare Insurance Exchange. The Social Security numbers of 660 users of Health Connect, Vermont’s healthcare exchange, were exposed in a 2016 data breach.
The breach was due to an Excel spreadsheet with 660 Social Security numbers being viewed publicly without requiring authentication by SAManage’s information technology system. The data breach was discovered by a Vermont customer who found it after the URL was added to Bing search results by a Microsoft web crawler. The customer then reported it to the State Attorney General’s office.
In order to avoid any breaches in the future, SAManage will also change its information security and legal compliance programs as part of the settlement. According to the company, SAManage is working with the attorney general in order to resolve the issue.
As you can see, lapses in healthcare data security can be extremely costly. Aside from the monetary fines, a data breach can hurt a business’s reputation, damaging its ability to retain and grow their client base. Get our book, How HIPAA Can Crush Your Medical Practice, to find out more.