BreachExchange mailing list archives

Previous By Date Next
Previous By Thread Next

Lucile Packard Children's Hospital Appeals CDPH Fine

From: security curmudgeon <jericho () attrition org>
Date: Fri, 10 Sep 2010 15:53:20 -0500 (CDT)

http://www.lpch.org/aboutus/news/releases/2010/cdph.html

Lucile Packard Children's Hospital Appeals CDPH Fine
For Release: September 09, 2010

PALO ALTO, Calif. -- Lucile Packard Children.s Hospital at Stanford is 
appealing a California Department of Public Health (CDPH) penalty.

The CDPH on April 23, 2010, after the self-reporting of a security 
incident by Packard Children.s, alerted the hospital that a fine of 
$250,000 was being levied as a result of what CDPH believes was a late 
reporting of the incident. This isolated incident was related to the 
apparent theft earlier in the year of a password-protected desktop 
computer that contained information about 532 patients.

The computer in question was used by an employee whose job required access 
to patient information. Even though the employee had signed written 
commitments to keep patient information confidential and secure in 
accordance with legal requirements and hospital policies, the hospital 
received reports that the now-former employee allegedly removed the 
computer from hospital premises and took it home. The hospital immediately 
began a thorough investigation and also reported the matter to law 
enforcement in an attempt to recover the computer quickly.

As soon as the hospital and law enforcement determined the computer was 
not recoverable, the hospital voluntarily reported the incident to the 
California Department of Public Health (CDPH) and federal authorities, as 
well as the families of potentially-affected patients. The hospital also 
provided to the families identity theft protection and other support 
services.

[..]
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/

Get business, compliance, IT and security staff on the same page with
CREDANT Technologies: The Shortcut Guide to Understanding Data Protection
from Four Critical Perspectives. The eBook begins with considerations
important to executives and business leaders.
http://www.credant.com/campaigns/ebook-chpt-one-web.php
Previous By Date Next
Previous By Thread Next

Current thread: