Back in June 2008, the University of Utah Hospitals and Clinics revealed that a backup tape containing billing records, medical codes, and Social Security numbers on 2.2 million patients was stolen from the vehicle of one of their contractors, Perpetual Storage. The tape was returned a month later after those receiving the stolen tapes understood what they had, and in December 2008, they were offered a plea deal.
Today, Stephen Hunt reports in the Salt Lake Tribune:
[…]
The U. spent about $500,000 notifying patients of the potential for identity theft, and offered free credit monitoring.
[…]
A judge sentenced Thomas Howard Anderson, one of two men charged with felony counts of receiving stolen property and possession of another’s identification documents, to probation and 60 days in jail. A restitution hearing for Anderson, 53, is pending.
The judge set restitution at $500 for co-defendant Shadd Dean Hartman, 38, who was sentenced to a year in jail. Prosecutor Matthew Lloyd said that amount covers the cost of the custom metal case, the only thing of interest to Hartman.
Jail time? That wasn’t part of the plea deal. I wonder what happened. And if the U. spent $500,000 in breach costs, why aren’t they ordered to pay more in restitution? Or is this because they are just the receivers of the stolen property and not the thief?