HHS settles with Denver provider for $400,000 for 2011 breach

Healthcare IT News: Denver-based Metro Community Provider Network (MCPN) has agreed to pay $400,000 to the U.S. Department of Health and Human Services, in addition to implementing a corrective action plan, HHS announced Wednesday.

The settlement covers a HIPAA violation stemming from a Dec. 2011 breach. A hacker successfully leveraged a phishing attack to access employee email accounts and obtain the data of 3,200 patients. Officials said the settlement reflects MCPN’s lack of security management plan to protect ePHI.

MCPN filed a breach report with HHS on Jan. 27, 2012.

Read article