BreachExchange mailing list archives
UMass Memorial health care entities to pay $230,000 over data breaches — 15,000 patients exposed
From: Destry Winant <destry () riskbasedsecurity com>
Date: Thu, 20 Sep 2018 21:14:59 -0500
http://www.telegram.com/news/20180920/umass-memorial-health-care-entities-to-pay-230000-over-data-breaches---15000-patients-exposed

WORCESTER — UMass Memorial Medical Center Inc. and UMass Memorial Medical Group Inc. will pay $230,000 to the state after two former employees in separate data breaches and for personal fraudulent purposes exposed the personal and health information of more than 15,000 state residents, Attorney General Maura Healey announced Thursday.

The two former employees in separate breaches accessed patients’ information — including names, addresses, Social Security numbers, clinical information and health insurance information — for fraudulent purposes, such as opening cell phone and credit card accounts, the AG announced in a news release.

The two UMass Memorial entities allegedly knew about the employees’ misconduct, but failed to properly investigate complaints, the AG’s office maintains in its complaint, filed last week along with a consent judgment in Suffolk Superior Court.

In addition to the $230,000 penalty, UMass Memorial Medical Group, Inc. and UMass Memorial Medical Center Inc. have agreed to conduct employee background checks and ensure proper employee discipline; train employees on the proper handling of patient information; limit employee access to patient information; identify and remediate potential data security issues; and promptly investigate suspected improper access to patient information.

The entities will also have to hire an independent third-party company to conduct a review of its data security policies and procedures. The report will be forwarded to the AG’s office.

A UMass Memorial spokesman, in a statement distributed to media outlets, said, “UMass Memorial regrets that these incidents occurred. In the four years since they took place we have taken steps aimed at further strengthening our privacy and information security program. This includes the implementation of additional technical tools that safeguard patient information, and enhancement of our existing privacy and information security procedures. We cooperated fully with the attorney general’s office to reach the resolution announced today.”