New Jersey fines Virtua Medical $418,000 for HIPAA breach

Virtua Medical Group has been fined over $418,000 by the New Jersey Attorney General after a misconfigured database breached the protected information of 1,654 patients. The investigation found that Virtua failed to conduct a thorough analysis of the risk to patient data and did not implement security measures to reduce the risk, violating HIPAA. The medical group also lacked a security awareness program and experienced delays in identifying and responding to the breach. Best Medical Transcription, Virtua’s business associate, also failed to keep patient information private. Virtua has agreed to hire a third-party security professional and perform a risk assessment every two years as part of a corrective action plan.