HIPAA, CIA and Safeguards

Health and Human Services (HHS) has settled a case with Blue Cross Blue Shield of Tennessee (BCBST) for $1.5 million for violating the Health Insurance Portability and Accountability Act (HIPAA) and security rules. There are security concerns with BCBST regarding confidentiality, integrity, availability and privacy. There are also HIPAA security requirements that could have prevented the security issue if they had been enforced. Some corrective actions taken by BCBST were effective and some may not have been adequate. There are HIPAA security requirements and safeguards that the organization must implement to mitigate security risk in terms of administrative, technical and physical safeguards.

On October 5, 2009, computer equipment was stolen from a network data closet at BCBST. The stolen items were 57 unencrypted hard drives that contained over 300,000 video recordings and over one million audio recordings.

According to Whitman & Mattord (2010), confidentiality, integrity, and availability constitute the CIA triangle that underlies the Committee on National Security model for information security, an industry standard. Confidentiality may be synonymous with encryption, but it also means that only people with the correct authorization can access the information. One major security issue is that the hard drives were not encrypted. Hard drives should be encrypted to prevent people from reading information on your computer. You can purchase software that will encrypt files on your hard drive, such as Folder Lock, SensiGuard, Secure IT, and more. There is also free open source encryption software that could have been used. If the hard drives were not needed, the data would have to be... middle of paper... earn from other companies involved in the breaches of how to protect the information.

Training employees on HIPAA, policies and procedures would help mitigate the risks of unauthorized access to information.
Meeting the requirements set forth by HIPAA will protect the company, employees and the private information of people within the company's computer network.

Works Cited

Easttom, C. (2006). Network defense and countermeasures. (p. 10). Upper Saddle River, NJ: Pearson Education, Inc.

Grama, A. (2011). Legal issues in computer security. (p. 170). Burlington, MA: Jones & Bartlett Learning.

Whitman, M., & Mattord, H. (2010). Information security management. (3rd ed., p. 6). Boston, MA: Cengage Learning.

Whitman, M., & Mattord, H. (2011). Cyber security reading and cases: law and ethics. (Custom ed. 2011, p. 264). Boston, MA: Cengage Learning.