Common PCI Violations
The Payment Card Industry Data Security Standard (PCI DSS) keeps credit and debit card data secure when healthcare organizations accept, transmit, and store it. When this security is compromised, hackers can gain access to sensitive data. Though a PCI DSS violation is often unintentional, it can cause significant damage to your healthcare organization and its patients.
What Is a PCI DSS Violation?
A PCI DSS violation occurs when an organization does not follow part or all of the Payment Card Industry (PCI) regulations. There are many ways to violate PCI DSS, especially if an organization doesn’t have a system to handle sensitive data. Some examples of PCI DSS violations include:
- Keeping credit card information on paper in unlocked or unsecured cabinets.
- Linking point-of-sale systems to other systems that do not have adequate PCI protection.
- Insufficiently protecting customer and employee usernames and passwords.
- A lack of file integrity or change-detection software.
- Failure to document significant changes.
- Poor cryptographic key management.
- Leaving cardholder data in clear public view.
The Risks of PCI DSS Noncompliance
With PCI DSS noncompliance, your healthcare organization could face:
- Costly fines: Fines can range from $5,000 to $100,000 a month depending on your company’s size and the severity of the noncompliance.
- Expensive legal cases: If hackers steal cardholder data, affected patients could sue you. If your organization doesn’t meet PCI regulations, credit card companies can take legal action as well.
- Damaged reputation: A data breach can damage your organization’s image. Patients may be less likely to trust you with their confidential information.
Some PCI violation cases are well-known due to the significant damage they caused and the media coverage they gained. Here are the largest PCI fines from recent cases:
- Equifax paid $425 million in settlements for losing sensitive data for 143 million customers.
- Target paid $18.5 million in settlements and $202 million in legal fees after hackers stole 40 million credit card numbers.
- Heartland Payment Systems faced payments of $140 million in compensation and a 14-month ban from processing payments of major credit card providers for a structured query language (SQL) injection breach.
- Adobe faced a $1 million fine to settle in 15 states for compromised login information for 38 million customers and credit card records for 3 million customers.
Contact Agio Today
With healthcare cybersecurity services from Agio, your organization can protect patients’ sensitive data and avoid PCI fines and penalties. Learn more about our PCI compliance assessment and PCI 360° compliance program today.
Share post
Featured Posts
Connect with us.
Need a solution? Want to partner with us? Please complete the fields below to connect with a member of our team.