DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Boston Children’s Hospital Settles Data Breach Allegations

Posted on December 19, 2014 by Dissent

There’s an update to an incident involving a lost laptop with PHI on over 2,100 patients at Boston Children’s Hospital. Massachusetts Attorney General Martha Coakley, who has been one of the most active state attorneys general in terms of pursuing breaches, issued the following press release:

Boston Children’s Hospital (BCH) has agreed to pay $40,000 and take steps to prevent future security violations following allegations related to a data breach that affected patient information, Attorney General Martha Coakley announced today.

The consent judgment, entered today in Suffolk Superior Court, alleges that BCH failed to protect the personal information and protected health information of more than 2,000 patients.

“Healthcare providers must ensure that the privacy and security of sensitive patient information is protected,” AG Coakley said. “Today’s settlement will put in place and enforce important technological and physical security measures at Boston Children’s Hospital to help prevent a breach like this from happening again.”

According to the complaint against BCH, an unencrypted, BCH-issued laptop was stolen from a BCH physician while he was presenting at a May 2012 conference in Buenos Aires.  Before the laptop was stolen, the physician received an email from a colleague containing the protected health information of 2,159 patients including names, dates of birth, diagnoses, procedures, and dates of surgery. More than 1,700 patients were under the age of 18.

The physician took steps that he thought were adequate to remove the protected health information from the laptop. However, the information from the email remained on the laptop and despite BCH’s written policies, encryption software was not installed prior to the incident.

Under the terms of the consent judgment, BCH will pay $40,000, including a $30,000 civil penalty and a payment of $10,000 to a fund administered by the AG’s Office for educational programs concerning the protection of personal information and protected health information.

BCH will also take steps to ensure future compliance with state and federal data security laws and regulations, including properly tracking all portable devices such as laptops, encrypting and physically securing those portable devices, and training its workforce on the proper handling of personal information and protected health information. The hospital will also continue a review and audit of security measures and take corrective measures recommended in the review.

The lawsuit was filed under the Massachusetts Consumer Protection Act and the federal Health Insurance Portability and Accountability Act, as amended by the Health Information Technology for Economic and Clinical Health Act.

The AG’s Office is focused on ensuring that health care entities abide by the state and federal data privacy requirements to protect personal information and protected health information. Recent efforts include a 2012 settlement with South Shore Hospital for $750,000, a 2013 settlement with medical billing company Goldthwait Associates and its client pathology groups, and a $150,000 settlement with Women and Infants Hospital of Rhode Island in July 2014.

Most recently, on Nov. 20, 2014, Beth Israel Deaconess Medical Center agreed to pay $100,000 in a settlement with the AG’s Office after it allegedly failed to protect the personal and protected health information of nearly 4,000 patients and employees.

The BCH matter is being handled by Assistant Attorney General Shannon Choy-Seymour of AG Coakley’s Health Care Division.

 

No related posts.

Category: Uncategorized

Post navigation

← FBI Update on Sony Investigation
Presidian Hotels & Resorts releases information about data breach investigation →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • India’s Max Financial says hacker accessed customer data from its insurance unit
  • Brazil’s central bank service provider hacked, $140M stolen
  • Iranian and Pro-Regime Cyberattacks Against Americans (2011-Present)
  • Nigerian National Pleads Guilty to International Fraud Scheme that Defrauded Elderly U.S. Victims
  • Nova Scotia Power Data Breach Exposed Information of 280,000 Customers
  • No need to hack when it’s leaking: Brandt Kettwick Defense edition
  • SK Telecom to be fined for late data breach report, ordered to waive cancellation fees, criminal investigation into them launched
  • Louis Vuitton Korea suffers cyberattack as customer data leaked
  • Hunters International to provide free decryptors for all victims as they shut down (2)
  • SEC and SolarWinds Seek Settlement in Securities Fraud Case

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • German court awards Facebook user €5,000 for data protection violations
  • Record-Breaking $1.55M CCPA Settlement Against Health Information Website Publisher
  • Ninth Circuit Reviews Website Tracking Class Actions and the Reach of California’s Privacy Law
  • US healthcare offshoring: Navigating patient data privacy laws and regulations
  • Data breach reveals Catwatchful ‘stalkerware’ is spying on thousands of phones
  • Google Trackers: What You Can Actually Escape And What You Can’t
  • Oregon Amends Its Comprehensive Privacy Statute

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.