Why did Lifespan Health face such a stiff HIPAA penalty for a stolen laptop?

Healthcare IT News: The United States Department of Health and Human Services recently reached an agreement with Lifespan Health System Affiliated Covered Entity in which Lifespan agreed to pay the HHS Office for Civil Rights $1,040,000 and adopt a corrective action plan in the wake of a data breach that exposed over 20,431 patients' protected health information.

The breach occurred when an employee's unencrypted laptop was stolen. It contained electronic protected health information – including patients' names, medical record numbers, demographic information and medication information.

Read article