No Security Awareness Training? Wait For The Class Action Lawsuit.

No Security Awareness Training? Wait For The Class Action Suit.

Quite the shocker of a title, right?

It's real.

After its painful 2014 breach, Community Health System (CHS) just settled another class action lawsuit related to a prior data breach. It was a big one - over 6 million patients affected.

And yes, we said "another" lawsuit, meaning this is the second massive settlement for the same breach.

The first settlement amounted to $3.1 million for the six million plus patients affected. The most recent, their second settlement, hit $5 million to settle investigations with regulators. Regulators weren't too fond of the lax security procedures they discovered.

As part of the settlement, the health system agreed to implement a list of (very useful!) security measures, including:

  • develop a written incident response plan
  • incorporate security awareness training for all personnel
  • limit access to protected health information
  • implement specific policies regarding business associates.

To be fair, we're kind of shocked these items weren't already in place.

It would be comforting at this point to think this is a one-off. It's not a one-off. Class action suits appear to be a new normal in the aftermath of cyber attacks.

In particular, the healthcare industry is under fierce attack. And this has only increased during the Coronavirus pandemic.

Healthcare organizations have a tremendous amount of sensitive patient information. The burden of protecting that information is increasing - coming from regulators, patients and those class action lawyers.

Remember, hackers have upped their game. Ransomware attacks now start by stealing as much data as they can find. Only after they grab all this data do they encrypt (or lock) your network and issue their ransom demands. If you don't pay up, those stolen files will quickly find their way to the Dark Web, where anything can happen.

It's nasty.

The good news is that these hacks can be stopped!

The first step is training your team to avoid the initial Phishing email, the ones that healthcare organizations are getting every single day.

Are you ready to take action?
We make it easy to protect your team from attacks just like this one. Find out how to protect your team with INFIMA's Automated Security Awareness platform.

To get a quote, set up a call with our (non-pushy) sales team here!

Original article here.
[https://www.fiercehealthcare.com/tech/chs-to-pay-5m-to-28-states-to-settle-2014-data-breach]