US hospital fined $750,000 following data breach

Powered by SC Magazine
 

Hospital lost phone numbers, birth dates, and health care data.

A US hospital has agreed to a $750,000 (A$769,000) court settlement over allegations concerning its failure to protect sensitive patient data.

The consent judgment approved in Suffolk Superior Court involving South Shore Hospital included a $250,000 (A$256,000) civil penalty and a payment of $225,000 (A$231,000) to be used by the AG's office to create awareness concerning data security and sensitive information.

The hospital was credited $275,000 (A$282,000) “to reflect security measures it has taken subsequent to the breach.”

In February 2010, three boxes containing 473 unencrypted tapes with the personal and confidential information of 800,000 people were shipped by South Shore Hospital to data management contractor Archive Data Solutions, which was to erase the information and then resell the tapes, the statement said.

In June 2010, the hospital learned that only one of the boxes had arrived.

The information on the back-up tapes included Social Security numbers, addresses, phone numbers, birth dates and health plan information, in addition to diagnoses and treatments.

The statement revealed that the hospital not only failed to notify Archive Data Solutions of the sensitive information stored on the files, but also did not establish whether the contractor had the proper security measures in place to protect the information, thus violating the federal Health Insurance Portability and Accountability Act (HIPAA).

“We appreciate that the Attorney General has recognised the steps we've taken to enhance our data-security systems and hope to be able to serve as a source of information about best practices for other health care providers,” said Richard H. Aubut, South Shore Hospital president and chief executive officer.

Enforcement of data security law has been on the rise and fines have been prevalent, as is the case with a recent settlement involving BlueCross BlueShield of Tennessee.

This article originally appeared at scmagazineus.com

Copyright © SC Magazine, US edition

