HIPAA Violations Result in Hacked Database and $1.5M Settlement

Hacking is a significant threat to health care data and attacks can be very costly. Recently, an orthopedic clinic serving 138,000 patients annually, paid $1,500,000 as part of a settlement agreement with the Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services. The clinic was attacked by a hacker and had a large database stolen by a hacker which included patients’ names, dates of birth, social security numbers, medical procedures, test results, and health insurance information. OCR’s investigation discovered systemic noncompliance with the HIPAA Privacy and Security Rules.

CITI Program’s HIPAA and Information Security Courses

Health Privacy (HIPAA)
This course is intended to cover the core elements of the federal Health Insurance Portability and Accountability Act (HIPAA) requirements.
View Course Details

Information Security
This course provides information on basic techniques for data and device security, including email and mobile devices.
View Course Details

Cookie	Duration	Description
BUY_NOW		This cookie is set to transfer purchase details to our learning management system.
CART_COUNT		This cookie is set to enable shopping cart details on the site and to pass the data to our learning management system.
cookielawinfo-checkbox-advertisement	1 year	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Advertisement".
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
JSESSIONID	session	Used by sites written in JSP. General purpose platform session cookies that are used to maintain users' state across page requests.
PHPSESSID	session	This cookie is native to PHP applications. The cookie is used to store and identify a users' unique session ID for the purpose of managing user session on the website. The cookie is a session cookies and is deleted when all the browser windows are closed.
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
XSRF-TOKEN	session	The cookie is set by Wix website building platform on Wix website. The cookie is used for security purposes.

Cookie	Duration	Description
bcookie	2 years	This cookie is set by linkedIn. The purpose of the cookie is to enable LinkedIn functionalities on the page.
lang	session	This cookie is used to store the language preferences of a user to serve up content in that stored language the next time user visit the website.
lidc	1 day	This cookie is set by LinkedIn and used for routing.
pll_language	1 year	This cookie is set by Polylang plugin for WordPress powered websites. The cookie stores the language code of the last browsed page.

Cookie	Duration	Description
_ga	2 years	This cookie is installed by Google Analytics. The cookie is used to calculate visitor, session, campaign data and keep track of site usage for the site's analytics report. The cookies store information anonymously and assign a randomly generated number to identify unique visitors.
_gat_UA-33803854-1	1 minute	This is a pattern type cookie set by Google Analytics, where the pattern element on the name contains the unique identity number of the account or website it relates to. It appears to be a variation of the _gat cookie which is used to limit the amount of data recorded by Google on high traffic volume websites.
_gat_UA-33803854-7	1 minute	This is a pattern type cookie set by Google Analytics, where the pattern element on the name contains the unique identity number of the account or website it relates to. It appears to be a variation of the _gat cookie which is used to limit the amount of data recorded by Google on high traffic volume websites.
_gcl_au	3 months	This cookie is used by Google Analytics to understand user interaction with the website.
_gid	1 day	This cookie is installed by Google Analytics. The cookie is used to store information of how visitors use a website and helps in creating an analytics report of how the website is doing. The data collected including the number visitors, the source where they have come from, and the pages visted in an anonymous form.
_hjAbsoluteSessionInProgress	30 minutes	No description available.
_hjFirstSeen	30 minutes	This is set by Hotjar to identify a new user’s first session. It stores a true/false value, indicating whether this was the first time Hotjar saw this user. It is used by Recording filters to identify new user sessions.
_hjid	1 year	This cookie is set by Hotjar. This cookie is set when the customer first lands on a page with the Hotjar script. It is used to persist the random user ID, unique to that site on the browser. This ensures that behavior in subsequent visits to the same site will be attributed to the same user ID.
_hjIncludedInPageviewSample	2 minutes	No description available.
_hjIncludedInSessionSample	2 minutes	No description available.
_hjTLDTest	session	No description available.
_uetsid	1 day	This cookies are used to collect analytical information about how visitors use the website. This information is used to compile report and improve site.
BrowserId	1 year	This cookie is used for registering a unique ID that identifies the type of browser. It helps in identifying the visitor device on their revisit.
CFID	session	This cookie is set by Adobe ColdFusion applications. This cookie is used to identify the client. It is a sequential client identifier, used in conjunction with the cookie "CFTOKEN".
CFTOKEN	session	This cookie is set by Adobe ColdFusion applications. This cookie is used to identify the client. It provides a random-number client security token.
CONSENT	16 years 5 months 4 days 4 hours	These cookies are set via embedded youtube-videos. They register anonymous statistical data on for example how many times the video is displayed and what settings are used for playback.No sensitive data is collected unless you log in to your google account, in that case your choices are linked with your account, for example if you click “like” on a video.
vuid	2 years	This domain of this cookie is owned by Vimeo. This cookie is used by vimeo to collect tracking information. It sets a unique ID to embed videos to the website.

Cookie	Duration	Description
bscookie	2 years	This cookie is a browser ID cookie set by Linked share Buttons and ad tags.
IDE	1 year 24 days	Used by Google DoubleClick and stores information about how the user uses the website and any other advertisement before visiting the website. This is used to present users with ads that are relevant to them according to the user profile.
MUID	1 year 24 days	Used by Microsoft as a unique identifier. The cookie is set by embedded Microsoft scripts. The purpose of this cookie is to synchronize the ID across many different Microsoft domains to enable user tracking.
test_cookie	15 minutes	This cookie is set by doubleclick.net. The purpose of the cookie is to determine if the user's browser supports cookies.
VISITOR_INFO1_LIVE	5 months 27 days	This cookie is set by Youtube. Used to track the information of the embedded YouTube videos on a website.
YSC	session	This cookies is set by Youtube and is used to track the views of embedded videos.
yt-remote-connected-devices	never	These cookies are set via embedded youtube-videos.
yt-remote-device-id	never	These cookies are set via embedded youtube-videos.

Cookie	Duration	Description
_app_session	1 month	No description available.
_gfpc	session	No description available.
_uetvid	1 year 24 days	No description available.
_zm_chtaid	2 hours	No description available.
_zm_csp_script_nonce	session	No description available.
_zm_cta	1 day	No description
_zm_ctaid	2 hours	No description available.
_zm_currency	1 day	No description available.
_zm_mtk_guid	2 years	No description available.
_zm_page_auth	session	No description available.
_zm_sa_si_none	session	No description
_zm_ssid	session	No description available.
AnalyticsSyncHistory	1 month	No description
BNI_persistence	4 hours	No description available.
BrowserId_sec	1 year	No description available.
CookieConsentPolicy	1 year	No description
cred		No description available.
f	never	No description available.
L-veVQq	1 day	No description
li_gc	2 years	No description
owner_token	1 day	No description available.
PP-veVQq	1 hour	No description
renderCtx	session	This cookie is used for tracking community context state.
RL-veVQq	1 day	No description
twine_session	1 month	No description available.
UserMatchHistory	1 month	Linkedin - Used to track visitors on multiple websites, in order to present relevant advertisement based on the visitor's preferences.
web_zak	past	No description
wULrMv6t		No description
zm_aid	past	No description
zm_haid	past	No description

Clinic’s HIPAA Violations Result in Hacked Database and $1.5 Million Settlement

CITI Program’s HIPAA and Information Security Courses