A company recently purchased a set of multifunctional printer-scanners from a reputable printer vendor. These devices had previously been used by another firm, likely returned after the completion of a lease. Upon setting up the new printers, the IT team discovered that the local hard drives of the devices were still storing the previous user's unencrypted sensitive files.
You may have heard the acronyms GDPR and CCPA recently and wondered what they were all about. Both are acronyms for data privacy rules that seek to control how you collect and control data on your website and within your company. If you’ve heard anything about the GDPR, you know that it’s a European Law, and based on that description you might have concluded that it doesn’t apply to your company.
If you’re in the healthcare industry, you probably have heard of HIPAA, the Health Insurance Portability And Accountability Act. And if your business falls under any of the classifications that is covered by HIPAA, you might have heard of a HIPAA Assessment.
HIPAA has many regulations, and many of them are surprisingly simple and inexpensive to implement, such as Business Associate Agreements. All you need to do is have your contractors and service providers fill out a well-written, compliant BAA and the task is complete.
Doctors have a lot of deal with these days, especially with all the new changes in health insurance and advances in modern medicine. Getting hacked has got to be a horrible experience for doctors, too, because not only does someone else have a copy of your data, the "bad guys" may be holding your data hostage (and charging you thousands of dollars to get it back). Or they might simply have deleted it from your network entirely (including your backups).
So what could be worse than that?
The short answer is that the law has no problem with kicking a company when it’s down, and so as your office might be struggling to figure out how badly you were hacked, to restore the lost data, and to get back to “business as usual,” the Department of Health and Human Services just might come along and fine you a million dollars or more.