BreachExchange mailing list archives
Lucile Packard Children's Hospital Appeals CDPH Fine
From: security curmudgeon <jericho () attrition org>
Date: Fri, 10 Sep 2010 15:53:20 -0500 (CDT)
http://www.lpch.org/aboutus/news/releases/2010/cdph.html Lucile Packard Children's Hospital Appeals CDPH Fine For Release: September 09, 2010 PALO ALTO, Calif. -- Lucile Packard Children.s Hospital at Stanford is appealing a California Department of Public Health (CDPH) penalty. The CDPH on April 23, 2010, after the self-reporting of a security incident by Packard Children.s, alerted the hospital that a fine of $250,000 was being levied as a result of what CDPH believes was a late reporting of the incident. This isolated incident was related to the apparent theft earlier in the year of a password-protected desktop computer that contained information about 532 patients. The computer in question was used by an employee whose job required access to patient information. Even though the employee had signed written commitments to keep patient information confidential and secure in accordance with legal requirements and hospital policies, the hospital received reports that the now-former employee allegedly removed the computer from hospital premises and took it home. The hospital immediately began a thorough investigation and also reported the matter to law enforcement in an attempt to recover the computer quickly. As soon as the hospital and law enforcement determined the computer was not recoverable, the hospital voluntarily reported the incident to the California Department of Public Health (CDPH) and federal authorities, as well as the families of potentially-affected patients. The hospital also provided to the families identity theft protection and other support services. [..] _______________________________________________ Dataloss Mailing List (dataloss () datalossdb org) Archived at http://seclists.org/dataloss/ Get business, compliance, IT and security staff on the same page with CREDANT Technologies: The Shortcut Guide to Understanding Data Protection from Four Critical Perspectives. The eBook begins with considerations important to executives and business leaders. http://www.credant.com/campaigns/ebook-chpt-one-web.php
Current thread:
- Lucile Packard Children's Hospital Appeals CDPH Fine security curmudgeon (Sep 10)