They were just simple photocopiers. Nothing special. Just put the paper on the glass, press the button and move on.
But for Affinity Health Plan, these simple copy machines compromised the protected health information of 344,579 patients, leading to a $1.2 million HIPAA violation fine.
A 2010 CBS investigative report identified a New Jersey warehouse storing 6,000 used copy machines awaiting purchase and delivery to their next owners, all around the world.
The reporters selected several machines at random, one of which had been leased to Affinity Health. A screwdriver, a laptop and about a minute of time were all it took for the reporters to download thousands of patient names, addresses, Social Security numbers and diagnoses.
To you, a copy machine looks like a fancy printer. To a hacker, it looks like a no-lock, no-password trove of valuable data to be sold, exploited and shared with other criminals. Whether it’s identity theft or blackmail, the consequences of unprotected health data can be personally devastating to patients and financially ruinous for the professionals who care for them.
In fact, an off-lease copy machine purchased for as little as $600 is an incredibly affordable way to collect valuable private medical, financial and identity details about thousands of people. The largest hard drive that can be installed in a copy machine is 15 terabytes. That’s the storage (and breach) potential of more than eight billion health documents!
Since 2002, just about every new photocopier sold in the United States has featured a hard drive. Understanding your technology and incorporating that knowledge into your workflow is essential to maintaining a HIPAA-compliant office.
The HIPAA E-Tool® includes all the information you need to protect your business from a violation such as that experienced by Affinity Health. Let us show you how fast and easy HIPAA compliance can be.