Rochester Medical Center Breach!

The New York State Attorney General has fined Rochester Medical Center for having a non-existent information security training program. An employee of the Medical Center released patient information to her future employer without obtaining the patients' permission. Obviously, this is a huge infraction under the HIPAA Security Rule.

We often talk about implementing an information security program in firms, and while security awareness training is a huge part of that program, training is often left out. Securing every aspect of your technology does not ensure end-to-end security, because information technology is only 45 percent of information security, if not less in other industries.

A sound information security plan covers employees, IT staff, executives, third parties, et cetera. This hospital should review its security program and solidify the weak areas before the fines begin to mount in other areas.

For more information, please contact The Knox Corps!




MS, Information Security

CCIE Security

Certified Information Privacy Professional (CIPP/US)

Cisco Intrusion Prevention Specialist

FBI InfraGard


The Knox Corps. All Rights Reserved.