University of Rochester Medical Center (URMC) will pay $3 million to settle with the U.S. Department of Health and Human Services for failing to encrypt its data, resulting in HIPAA violations. URMC lost an unencrypted flash drive in 2013 and had an unencrypted laptop stolen in 2017. The settlement requires URMC to implement a corrective action plan and undergo two years of HIPAA compliance monitoring. This case highlights the importance of basic security practices, such as encryption, in protecting patient health information.

Nearly 250,000 Records From Tax Credit Consulting Agency Exposed
Summarize this content to a maximum of 60 words: Research has uncovered an unencrypted, non-password-protected database containing 245,949 records.