Global Edition
Privacy & Security

New Jersey slams Best Medical Transcription with $200K fine for 2016 breach

The Attorney General also banned the former business associate of Virtua Medical Group from doing business in the state for accidentally uploading 1,654 patient files to an FTP server left open to the public.
By Jessica Davis
November 05, 2018
03:59 PM

Best Medical Transcription settled with the New Jersey Attorney General for $200,000 for its role in the breach of 1,654 Virtua Medical Group patients in January 2016.

As part of the settlement, the owner of Best Medical Transcription also is barred from ever owning or managing a business within the state again.

WHAT HAPPENED

In January 2016, the transcriptionist vendor accidentally uploaded 1,654 patient files of Virtua to an FTP server that was left open to the public, with no need for authentication. What’s worse is that these files were indexed by Google and could then be found using key search terms from those patient files.

The cause? Password protection was removed during a software update.

As a result, Virtua ended its contract with the vendor in response to the breach, while Best Medical dissolved in 2017. The New Jersey AG office began investigating the incident shortly afterward.

In April 2018, Virtua was fined $418,000 by the New Jersey AG for its role in the breach. The AG found Virtua not only failed to conduct a thorough risk analysis of patient data confidentiality sent to its transcriptionist, it didn’t implement the necessary security measures to reduce that risk.

Virtua also failed to create a security awareness and training program, while there were “unacceptable delays” in both identifying and responding to the breach.

WHY IT MATTERS

Simply fining Virtua was not enough. The third-party vendor was also responsible for the  misconfiguration, hence the severity of the fine and the disbarment from performing business in the state.

“Patient privacy laws don’t just apply to doctors,” Paul Rodríguez, acting director of the division of consumer affairs, said in a statement. “Our settlement with Best Medical Transcription sends a message that New Jersey requires compliance from all entities bound by patient privacy standards.”

The settlement for both Virtua and the now defunct Best Medical Transcription serves as an important reminder that organizations need to routinely assess and validate the security measures of their third-party vendors and business associates.

As Jane Harper, Henry Ford Health System director of privacy and security risk management, often reminds the industry: Vendor management security should be built like a marriage, continuing to assess and manage compliance.

Twitter: @JF_Davis_
Email the writer: jessica.davis@himssmedia.com

Topics: 
Privacy & Security

More regional news

Doctor charting in EHR

Telehealth, hybrid care adding to physicians' EHR workload

By
Nathan Eddy
May 02, 2024
UHG CEO Andrew Witty

UHG says it's rebuilding Change Healthcare with cloud-based security

By
Andrea Fox
May 02, 2024
Walmart store

Walmart announces closing of clinics and virtual care

By
Susan Morse
May 01, 2024
Want to get more stories like this one? Get daily news updates from Healthcare IT News.
Your subscription has been saved.
Something went wrong. Please try again.

Top Story

UHG CEO Andrew Witty
UHG says it's rebuilding Change Healthcare with cloud-based security

Most Read

WebMD acquires Healthwise to bolster patient engagement and growth
How the Change Healthcare cyberattack is straining providers, and what the government can do
HHS response to cash flow concerns from Change cyberattack inadequate, providers say
After Change Healthcare, more effort needed to avoid cyberattack chain reactions
HIMSSCast: Web apps are ubiquitous in healthcare – and come with vulnerabilities
Change Healthcare begins to restore service after cyberattack – as lawsuits begin

Research

White Papers

More Whitepapers

Compliance & Legal
Artificial Intelligence
Analytics

Webinars

More Webinars

Privacy & Security
Artificial Intelligence
Analytics

Video

Abigail Norville at the Netherlands Ministry of Health_Palm trees and skyscrapers in Orlando Photo by Gabriele Maltinti/iStock/Getty Images Plus
How the Dutch health ministry takes innovation inspiration from other nations
Dr. Guido Giunti at Trinity College Dublin_Palm trees and skyscrapers in Orlando Photo by Gabriele Maltinti/iStock/Getty Images Plus
Novel digital therapeutics for MS empower patients
Kendall Brown at CenTrak_Palm trees and skyscrapers in Orlando Photo by Gabriele Maltinti/iStock/Getty Images Plus
How HIMSS membership can grow healthcare careers
Ellen Arigorat at NewYork-Presbyterian Hospital Palm trees and skyscrapers in Orlando Photo by Gabriele Maltinti/iStock/Getty Images Plus
HIMSS Changemaker champions Filipino-American health literacy

More Stories

Gustavo Adolfo Torres Becerra at Minsait__Palm trees and skyscrapers in Orlando Photo by Gabriele Maltinti/iStock/Getty Images Plus
Healthcare organizations need interoperability to give residents preventative care
Digital render of a DNA helix
Pharmacogenomics could improve medication safety and reduce waste
Alfredo Almerares, clinical executive manager at InterSystems
How the “human factor” drives successful healthcare technology adoption
Health professional at desktop computer
How AI-powered systems can help physician groups improve coding – and earn more
Nurse huddle with tablet
Nurses have a deep distrust of AI – but transparency and training could help
Dr. Jonah Feldman at NYU Langone Health System_Palm trees and skyscrapers in Orlando Photo by Gabriele Maltinti/iStock/Getty Images Plus
Want to reduce readmissions? Personalize digital discharge guides
Gabriel Garcia-Lopez at the Los Angeles LGBT Center Palm trees and skyscrapers in Orlando Photo by Gabriele Maltinti/iStock/Getty Images Plus
From HIMSS conference attendee to 2024 HIMSS Changemaker
Kaiser building
Kaiser reports 13.4 million people affected by data breach