
Stolen USB drives continue to generate large HIPAA fines


As we've previously covered, stolen USB drives are a big liability for HIPAA entities. When we last covered it in 2014, we used public data to calculate that it costs an average of $925,000 in HIPAA fines per stolen thumb drive. That average is likely to go up. This week the U.S. Department of Health and Human Services announced it issued a $2.2 million HIPAA fine for a stolen USB thumb drive. The affected entity is MAPFRE Life Insurance Company of Puerto Rico (MAPFRE).

 


USB drive stolen overnight

On 29 September 2011, MAPFRE filed a breach report with HHS indicating that a USB drive containing ePHI was stolen from its IT department, where the device was left overnight. The USB drive included names, birthdates and Social Security numbers of over 2,200 individuals. A subsequent investigation by HHS revealed MAPFRE’s noncompliance with HIPAA regulations:
  • Failure to conduct a risk analysis and implement risk management plans, contrary to what was claimed earlier.
  • Failure to deploy encryption on its laptops and removable storage media until three years after the incident.
  • Failure or significant delay in implementing corrective measures.

USB Drives are a HIPAA Violation Waiting to Happen

Our stance on USB drives (thumb drives) remains the same: They do not belong in healthcare and are a HIPAA violation waiting to happen. Here's why:
  • They are easy to steal or misplace.
  • Hardware-encrypted USB drives are hard to distinguish from non-encrypted drives.
  • Using software to encrypt a USB drive is beyond the ability of most users. In other words, they won't do it.

We believe HIPAA violations like this will further push U.S. healthcare entities to adopt HIPAA compliant cloud storage technologies like Paubox.

About MAPFRE

MAPFRE is a subsidiary company of MAPFRE S.A., a global multinational insurance company headquartered in Spain. MAPFRE underwrites and administers a variety of insurance products and services in Puerto Rico, including personal and group health insurance plans.

SEE ALSO: HIPAA Fines caused by Stolen Thumb Drives

 
