South Shore Hospital Will Pay $750,000 To Settle Data Breach Allegations
South Shore Hospital will pay $750,000 to settle claims that it failed to protect consumers' confidential information, Attorney General Martha Coakley's office has announced.
In 2010, the South Weymouth hospital, using a data management company as a contractor, shipped out three boxes of unencrypted computer tapes to be erased, but only one box made it to its destination. The boxes contained information on 800,000 individuals.
Coakley's office said the information "included individual’s names, Social Security numbers, financial account numbers, and medical diagnoses."
There have been no reports of unauthorized use of patient information, according to the attorney general.
Coakley's office detailed the settlement:
The consent judgment approved today in Suffolk Superior Court includes a $250,000 civil penalty and a payment of $225,000 for an education fund to be used by the Attorney General’s Office to promote education concerning the protection of personal information and protected health information. In addition to these payments, the consent judgment credits South Shore Hospital for $275,000 to reflect security measures it has taken subsequent to the breach.
Update at 2:55 p.m.: South Shore spokeswoman Sarah Darcy spoke to the Boston Globe:
"[Since the breach,] we’ve actually put in a great deal of new measures to protect personal information. Everything — everything — is encrypted now."
This program aired on May 24, 2012. The audio for this program is not available.