Solara Will Pay $3M to Settle Possible HIPAA Violations
Solara Medical Supplies will pay $3 million to resolve possible violations of the Health Insurance Portability and Accountability Act (HIPAA), the Department of Health and Human Services said Tuesday.
Sign up for a free preview to unlock the rest of this article
Solara settled with the department’s Office for Civil Rights after the agency flagged a potential violation of HIPAA’s security and breach notification rules following a November 2019 phishing attack that resulted in the breach of more than 114,000 individuals’ electronic protected health information, said HHS. In January 2020, OCR learned of a second breach where Solara reported sending 1,531 breach-notification letters to the wrong addresses, said HHS.
Under the settlement, Solara also must implement a corrective action plan that OCR will monitor for two years.
“Effective cybersecurity requires identifying potential risks and vulnerabilities to health information and implementing effective security measures to protect against them,” said OCR Director Melanie Fontes Rainer. “OCR urges health care entities to prioritize securing their information systems and take all necessary steps to reduce and prevent cyberattacks and safeguard protected health information.”