U.S. Sen. Mark R. Warner wrote to the CEO of TridentUSA Health Services on Monday to ask about the company’s data security practices as they relate to Health Insurance Portability and Accountability Act (HIPAA) compliance.
The letter comes after a report found MobileXUSA, an affiliate of TridentUSA Health Services, left an unencrypted server online, exposing the medical data of millions of Americans.
The report claimed many unsecured picture archiving and communication servers (PACS) left the names, dates of birth, medical images, and medical procedures of more than one million Americans accessible to anyone with basic computer expertise.
“While HIPAA lays out some guidelines for secure data storage and transfer, it is not always clear who bears responsibility for securing the data and ensuring the use of proper controls. However, it is certainly the responsibility of companies like yours to control and secure sensitive medical data, maintain an audit trail of medical images, and to ensure the information is not publicly accessible," Warner wrote.
View Sen. Warner's letter below:
Senator Warner is the Vice Chairman of the Senate Intelligence Committee and co-founder of the Senate Cybersecurity Caucus.
More Sen. Warner News:
- RELATED: Virginia receives over $4 million in federal funding for fire safety
- RELATED: Virginia airports receive more than $23M in funding for improvement projects
- RELATED: Rep. Luria introduces bill to protect Fort Monroe National Monument
- RELATED: Sen. Warner presses State Department's plan for protecting bomb-sniffing dogs sent to partner countries
- RELATED: Sen. Warner raises questions about cybersecurity practices amid breaches
- RELATED: Senator Kaine delivered speech condemning Trump's administration for taking away $3.6B from military contracts