Incident Details
Inmediata settles multi-state litigation for $1.14 million and agrees to improve data security and breach notification practices following a data breach involving protected health information (PHI) in 2019.
Incident
How Did the Breach Happen?
In 2019, PHI held by Inmediata was found to be available online and indexed by search engines due to inadequate security measures. The breach was exacerbated by poor breach notification practices and potential HIPAA privacy violations during the notification process.
What Data Has Been Compromised?
The compromised data may have included patients' names, addresses, dates of birth, gender, medical claim information, and in some cases, Social Security numbers.
Why Did the Company's Security Measures Fail?
Inmediata failed to conduct a secure code review before the breach, did not provide timely and complete breach notification to affected individuals as required by law, and did not implement reasonable data security measures.
What Immediate Impact Did the Breach Have on the Company?
The breach led to a multi-state investigation, a potential class action lawsuit, and a settlement of $1.14 million without admission of guilt. Inmediata had to overhaul its data security practices and breach notification procedures.
How could this have been prevented?
- Conduct regular secure code reviews to identify vulnerabilities
- Implement robust data security measures to protect PHI
- Ensure timely and complete breach notifications to affected individuals
What have we learned from this data breach?
- Importance of proactive data security measures
- Significance of timely and transparent breach notifications
- Need for compliance with HIPAA and state consumer protection laws
Summary of Coverage
In 2019, Inmediata experienced a data breach exposing PHI online, leading to a multi-state investigation and a $1.14 million settlement. The breach highlighted failures in data security and breach notification practices.