Things seem to be getting increasingly ugly between the City of Milwaukee and Froedtert Community Health/Workforce Health after the Dynacare breach mentioned previously on this blog. The city council voted to delay implementation of Phase 2 of its wellness program for employees that was to have been operated by Froedtert Community Health/Workforce Health. The city is also grumbling and threatening litigation against Froedtert if it doesn’t get more cooperation from them on the breach investigation.
Brandon Cruz has the story, and it’s a useful reminder that if your vendor or business associate screws up or otherwise fails to comply with security protections in your contract, you may wind up losing the good will – and business – of your clients. In this case, I do not know what Froedtert’s contract with Dynacare called for in the way of encryption on portable devices or whether there was even a contract in place. Inquiries sent to Froedtert last night and again today were not responded to.
Froedtert’s alleged lack of cooperation with the city is also problematic, as you might think they’d want to distance themselves from Dynacare by aligning with the city as a fellow victim. But Froedtert reportedly has an ownership interest in Dynacare, even though the operations of the latter are overseen by LabCorp. One of the questions in the inquiry Froedtert did not respond asked whether Froedtert’s ownership interest was influencing their cooperation with the city.
While I hate to use the old “If you have nothing to hide…” line, it’s tempting to apply it here. Certainly Froedtert’s breach response is not what their client expected and demanded after the breach. Froedtert was also asked whether they felt they had given Milwaukee full cooperation in the breach investigation, or what Milwaukee was demanding that they had not provided. Sadly that question went unanswered, too.