BreachExchange mailing list archives

South Shore Hospital Will Pay $750,000 To Settle Data Breach Allegations


From: Jake Kouns <jkouns () opensecurityfoundation org>
Date: Fri, 25 May 2012 02:29:47 -0400

http://www.wbur.org/2012/05/24/south-shore-hospital-data-settlement

South Shore Hospital will pay $750,000 to settle claims that it failed
to protect consumers’ confidential information, Attorney General
Martha Coakley’s office has announced.

In 2010, the South Weymouth hospital, using a data management company
as a contractor, shipped out three boxes of unencrypted computer tapes
to be erased, but only one box made it to its destination. The boxes
contained information on 800,000 individuals.

Coakley’s office said the information “included individual’s names,
Social Security numbers, financial account numbers, and medical
diagnoses.”

There have been no reports of unauthorized use of patient information,
according to the attorney general.

Coakley’s office detailed the settlement:

The consent judgment approved today in Suffolk Superior Court includes
a $250,000 civil penalty and a payment of $225,000 for an education
fund to be used by the Attorney General’s Office to promote education
concerning the protection of personal information and protected health
information. In addition to these payments, the consent judgment
credits South Shore Hospital for $275,000 to reflect security measures
it has taken subsequent to the breach.

Update at 2:55 p.m.: South Shore spokeswoman Sarah Darcy spoke to the
Boston Globe:

“[Since the breach,] we’ve actually put in a great deal of new
measures to protect personal information. Everything — everything — is
encrypted now.”
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://datalossdb.org/mailing_list
