Do you know whether your server firewall is on? Well, somebody better know, or it could cost you a fine of $400,000 just like it cost the Idaho State University last month.
The HIPAA fine was assessed by the Office for Civil Rights (OCR) for 17,500 patient records that were left exposed when the firewall protection for several servers was turned off for maintenance and never returned to service for 10 months. The fine also included penalties for not conducting a risk assessment, for failing to have adequate security protections, and for failing to review system information so as to be aware of security status and file access.
The lesson here is that unintentional breaches of security and privacy can occur through simple human error. Your systems should be set up to detect such conditions, and someone should be assigned to review the alarms and reports they produce promptly and on a regular schedule.
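As an added illustration of the kind of check described above (example code, not from the original post or from any of the organizations it mentions), the script below consumes a constructed log of firewall enable/disable events and reports any host whose firewall has stayed off longer than an allowed maintenance window. The event format, host names, and timestamps are all hypothetical; in practice the events would come from your configuration-management or monitoring system, and the report would go to whoever is assigned to review it.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed sample events: (host, ISO timestamp, firewall status, reason).
# Hypothetical format standing in for whatever your monitoring system records.
SAMPLE_EVENTS = [
    ("srv-db-01",  "2024-01-10T08:00:00", "disabled", "maintenance"),
    ("srv-db-01",  "2024-01-10T10:30:00", "enabled",  ""),
    ("srv-web-02", "2024-01-12T09:00:00", "disabled", "maintenance"),
    ("srv-app-03", "2024-02-01T22:00:00", "disabled", "patching"),
    ("srv-app-03", "2024-02-01T23:15:00", "enabled",  ""),
]


@dataclass
class Finding:
    host: str
    disabled_since: datetime
    hours_off: float
    reason: str


def firewall_drift(events, now, max_window=timedelta(hours=4)):
    """Return hosts whose firewall has been disabled for longer than max_window.

    Events are replayed in time order; a host is 'open' from its earliest
    unresolved 'disabled' event until the next 'enabled' event closes it.
    """
    open_since = {}  # host -> (disabled_since, reason) while still disabled
    for host, ts, status, reason in sorted(events, key=lambda e: e[1]):
        when = datetime.fromisoformat(ts)
        if status == "disabled":
            # Keep the earliest disable so repeated disables do not reset the clock.
            open_since.setdefault(host, (when, reason))
        elif status == "enabled":
            open_since.pop(host, None)
        else:
            raise ValueError(f"unknown firewall status {status!r} for {host}")

    findings = []
    for host, (since, reason) in open_since.items():
        off = now - since
        if off > max_window:
            findings.append(Finding(host, since, off.total_seconds() / 3600, reason))
    return sorted(findings, key=lambda f: f.disabled_since)


def render_report(findings):
    """Produce the lines a reviewer would see; empty list means nothing to act on."""
    return [
        f"ALERT {f.host}: firewall disabled since {f.disabled_since.isoformat()} "
        f"({f.hours_off:.1f} h, reason={f.reason or 'unspecified'})"
        for f in findings
    ]


if __name__ == "__main__":
    report = render_report(firewall_drift(SAMPLE_EVENTS, datetime(2024, 2, 5)))
    print("\n".join(report) if report else "all firewalls enabled within window")
```

Run against the sample with a review date of 2024-02-05, the script flags only srv-web-02, whose maintenance disable was never reversed; the two hosts that were re-enabled within their window produce no alert. The point is that the check has to run on a schedule and its output has to land with a named person, otherwise a 10-month gap like the one in the OCR case is never noticed.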