MD Anderson Cancer Center Appeals $4.3 Million HIPAA Fine

The University of Texas MD Anderson Cancer Center has filed a lawsuit arguing that a $4.3 million HIPAA penalty levied against it last year by the Department of Health and Human Services following three data breaches involving unencrypted devices was unlawful.

In the complaint filed Tuesday in a Texas federal court, MD Anderson argues that HHS, as a federal agency, does not have the authority to impose the civil monetary penalty against the cancer center because MD Anderson, which is part of the University of Texas, is a "state agency."

David Holtzman’s comments were featured in this article.

Previous Article
Hacked! What to Do Following a Cyberattack
Hacked! What to Do Following a Cyberattack

Next Article
GAO: HHS Has Not Implemented Critical Cyber Recommendations
GAO: HHS Has Not Implemented Critical Cyber Recommendations