DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Boston Children’s Hospital Settles Data Breach Allegations

Posted on December 19, 2014 by Dissent

There’s an update to an incident involving a lost laptop with PHI on over 2,100 patients at Boston Children’s Hospital. Massachusetts Attorney General Martha Coakley, who has been one of the most active state attorneys general in terms of pursuing breaches, issued the following press release:

Boston Children’s Hospital (BCH) has agreed to pay $40,000 and take steps to prevent future security violations following allegations related to a data breach that affected patient information, Attorney General Martha Coakley announced today.

The consent judgment, entered today in Suffolk Superior Court, alleges that BCH failed to protect the personal information and protected health information of more than 2,000 patients.

“Healthcare providers must ensure that the privacy and security of sensitive patient information is protected,” AG Coakley said. “Today’s settlement will put in place and enforce important technological and physical security measures at Boston Children’s Hospital to help prevent a breach like this from happening again.”

According to the complaint against BCH, an unencrypted, BCH-issued laptop was stolen from a BCH physician while he was presenting at a May 2012 conference in Buenos Aires.  Before the laptop was stolen, the physician received an email from a colleague containing the protected health information of 2,159 patients including names, dates of birth, diagnoses, procedures, and dates of surgery. More than 1,700 patients were under the age of 18.

The physician took steps that he thought were adequate to remove the protected health information from the laptop. However, the information from the email remained on the laptop and despite BCH’s written policies, encryption software was not installed prior to the incident.

Under the terms of the consent judgment, BCH will pay $40,000, including a $30,000 civil penalty and a payment of $10,000 to a fund administered by the AG’s Office for educational programs concerning the protection of personal information and protected health information.

BCH will also take steps to ensure future compliance with state and federal data security laws and regulations, including properly tracking all portable devices such as laptops, encrypting and physically securing those portable devices, and training its workforce on the proper handling of personal information and protected health information. The hospital will also continue a review and audit of security measures and take corrective measures recommended in the review.

The lawsuit was filed under the Massachusetts Consumer Protection Act and the federal Health Insurance Portability and Accountability Act, as amended by the Health Information Technology for Economic and Clinical Health Act.

The AG’s Office is focused on ensuring that health care entities abide by the state and federal data privacy requirements to protect personal information and protected health information. Recent efforts include a 2012 settlement with South Shore Hospital for $750,000, a 2013 settlement with medical billing company Goldthwait Associates and its client pathology groups, and a $150,000 settlement with Women and Infants Hospital of Rhode Island in July 2014.

Most recently, on Nov. 20, 2014, Beth Israel Deaconess Medical Center agreed to pay $100,000 in a settlement with the AG’s Office after it allegedly failed to protect the personal and protected health information of nearly 4,000 patients and employees.

The BCH matter is being handled by Assistant Attorney General Shannon Choy-Seymour of AG Coakley’s Health Care Division.

 


Related:

  • Maintenance Note
  • CISA Alert: Reported Supply Chain Compromise Affecting XZ Utils Data Compression Library, CVE-2024-3094
  • System Status Note
  • System Status Note
  • Fraudster's fake data breach claims should remind media to be careful what we report
  • "Pompompurin" taken into custody after violating conditions of pre-sentencing release on bond (1)
Category: Uncategorized

Post navigation

← FBI Update on Sony Investigation
Presidian Hotels & Resorts releases information about data breach investigation →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Scattered Spider Hijacks VMware ESXi to Deploy Ransomware on Critical U.S. Infrastructure
  • Hacker group “Silent Crow” claims responsibility for cyberattack on Russia’s Aeroflot
  • AIIMS ORBO Portal Vulnerability Exposing Sensitive Organ Donor Data Discovered by Researcher
  • Two Data Breaches in Three Years: McKenzie Health
  • Scattered Spider is running a VMware ESXi hacking spree
  • BreachForums — the one that went offline in April — reappears with a new founder/owner
  • Fans React After NASCAR Confirms Ransomware Breach
  • Allianz Life says ‘majority’ of customers’ personal data stolen in cyberattack (1)
  • Infinite Services notifying employees and patients of limited ransomware attack
  • The safe place for women to talk wasn’t so safe: hackers leak 13,000 user photos and IDs from the Tea app

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Congress tries to outlaw AI that jacks up prices based on what it knows about you
  • Microsoft’s controversial Recall feature is now blocked by Brave and AdGuard
  • Trump Administration Issues AI Action Plan and Series of AI Executive Orders
  • Indonesia asked to reassess data privacy terms in new U.S. trade deal
  • Meta Denies Tracking Menstrual Data in Flo Health Privacy Trial
  • Wikipedia seeks to shield contributors from UK law targeting online anonymity
  • British government reportedlu set to back down on secret iCloud backdoor after US pressure

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.