Problem
Case: Transactions Application Group, Inc., a business associate (BA) for the covered entity (CE), Community Health Plan of Washington, failed to properly secure a port on a computer network server used for transferring electronic files (a File Transfer Protocol (FTP) server), resulting in an incident of unauthorized access to electronic protected health information (ePHI) maintained at the BA. The breach affected 381,504 individuals and included individuals' names, addresses, dates of birth, social security numbers, and certain coding information related to health care claims. The CE provided breach notification to the affected parties, the media, and HHS, and offered one year of free credit and identity theft monitoring. The CE also implemented additional technical safeguards. OCR obtained assurances that the CE implemented the corrective actions listed above.
As a manager, what might you have done to prevent the breach from happening in the first place?