
Stolen USB Drive Gets Insurance Company $2.2 Million HIPAA Fine

February 6, 2017 | March 1st, 2023 | Cybersecurity

The Department of Health and Human Services is off to a busy start in 2017, having just levied their second hefty fine for HIPAA violations. In this instance, the company in question was Puerto Rican insurer MAPFRE.

Back in 2011, MAPFRE had reported an ePHI incident involving a flash drive that was stolen from the company’s IT department, where it had been left in the open and unsecured overnight. The drive contained the names, social security numbers and other protected health information for slightly more than two thousand MAPFRE customers.

After properly reporting the breach, the company conducted a risk analysis and crafted an action plan designed to prevent such instances from occurring in the future. They presented their plan to OCR, which is the Health Department’s investigative arm, but then failed to implement their new proposed procedures.

When a follow-up investigation revealed that the company had not taken the actions they had committed to in order to improve the physical aspect of their data security, OCR levied a staggering $2.2 million fine against them.

Last year was a record-setting year for the Department of Health and Human Services with thirteen settlements issued, plus a civil monetary penalty case. If January is any indication, the department looks like it’s going to have a busy 2017 as well.

Once again, the size of the settlement underscores the importance of taking HIPAA regulations seriously, but this particular case also brings to light the importance of taking timely corrective action. In this instance, MAPFRE did everything right except for the last step, when they failed to actually implement the changes they had committed to making. That proved to be a costly mistake. If your business deals with protected health information in any capacity, be sure it’s not one you repeat. Doing so could be far more costly than you realize!

Chris Forte

Chris Forte, President and CEO of Olmec Systems, has been in the MSP workspace for the past 25 years. Chris earned his Master’s Degree from West Virginia University, graduating Magna Cum Laude. He is a past member of the Entrepreneurs’ Organization and a current member of the New Jersey Power Partners and the Executive Association of New Jersey, where he has previously served on its board of directors. In his spare time, Chris enjoys traveling with his family. He also admits to being a struggling golfer and avid watcher of college football and basketball. He currently lives in Boonton Township, NJ with his wife, two daughters, son, and black lab Luna.