BreachExchange mailing list archives
South Shore Hospital Will Pay $750, 000 To Settle Data Breach Allegations
From: Jake Kouns <jkouns () opensecurityfoundation org>
Date: Fri, 25 May 2012 02:29:47 -0400
http://www.wbur.org/2012/05/24/south-shore-hospital-data-settlement South Shore Hospital will pay $750,000 to settle claims that it failed to protect consumers’ confidential information, Attorney General Martha Coakley’s office has announced. In 2010, the South Weymouth hospital, using a data management company as a contractor, shipped out three boxes of unencrypted computer tapes to be erased, but only one box made it to its destination. The boxes contained information on 800,000 individuals. Coakley’s office said the information “included individual’s names, Social Security numbers, financial account numbers, and medical diagnoses.” There have been no reports of unauthorized use of patient information, according to the attorney general. Coakley’s office detailed the settlement: The consent judgment approved today in Suffolk Superior Court includes a $250,000 civil penalty and a payment of $225,000 for an education fund to be used by the Attorney General’s Office to promote education concerning the protection of personal information and protected health information. In addition to these payments, the consent judgment credits South Shore Hospital for $275,000 to reflect security measures it has taken subsequent to the breach. Update at 2:55 p.m.: South Shore spokeswoman Sarah Darcy spoke to the Boston Globe: “[Since the breach,] we’ve actually put in a great deal of new measures to protect personal information. Everything — everything — is encrypted now.” _______________________________________________ Dataloss Mailing List (dataloss () datalossdb org) Archived at http://seclists.org/dataloss/ Unsubscribe at http://datalossdb.org/mailing_list Supporters: Risk Based Security (http://www.riskbasedsecurity.com/) Risk Based Security equips organizations with security intelligence, risk management services and on-demand security solutions to establish customized risk-based programs to address information security and compliance challenges. Tenable Network Security (http://www.tenable.com/) Tenable Network Security provides a suite of solutions which unify real-time vulnerability, event and compliance monitoring into a single, role-based, interface for administrators, auditors and risk managers to evaluate, communicate and report needed information for effective decision making and systems management.
Current thread:
- South Shore Hospital Will Pay $750, 000 To Settle Data Breach Allegations Jake Kouns (May 30)