A US hospital has agreed to pay US$475,000 (AU$481,871) to settle an ongoing court case surrounding allegations it failed to securely protect the sensitive data of more than 800,000 patients.
Massachusetts Attorney-General Martha Coakley announced the court's findings, which saw South Shore Hospital agree to pay $250,000 (AU$253,616) in civil penalties and $225,000 (AU$228,255) for the Attorney-General's office to establish an awareness campaign concerning data security and sensitive information.
Approving the judgment, Suffolk Superior Court also recognised the hospital's additional payment of $275,000 (AU$282,000) reflecting security measures it had taken.
The case surrounded data leakage from the hospital, after it attempted to erase the information from 473 unencrypted tapes containing the names, social security numbers, financial details and medical diagnoses of more than 800,000 patients.
Of three boxes sent to Archive Data Solutions for erasure and reselling in June 2010, only one was found to have arrived.
The Attorney-General said the hospital not only failed to notify Archive Data Solutions of the sensitive information stored on the files but did not establish if the contractor had the proper security measures in place to protect the information, violating US legislation.
"We appreciate that the Attorney-General has recognised the steps we've taken to enhance our data-security systems and hope to be able to serve as a source of information about best practices for other health care providers," said Richard H. Aubut, South Shore Hospital president and chief executive officer.
Data security law enforcement has been on the rise and fines have been prevalent, as is the case with a recent settlement involving BlueCross BlueShield of Tennessee.
Updated: Currency exchanges corrected.