Corporate Compliance

Boston area hospital to pay $750,000 for data breach

Compliance Monitor, May 30, 2012

Failing to keep confidential information secure will cost South Shore Hospital in Weymouth, Mass., $750,000, according to a press release from the Massachusetts Attorney General’s Office.

South Shore Hospital allegedly failed to protect confidential information, including individuals' names, Social Security numbers, financial account numbers, and medical diagnoses.

In February 2010, South Shore Hospital shipped three boxes containing 473 unencrypted back-up computer tapes to contractor Archive Data Solutions, so that it could erase and resell the tapes. However, the hospital never informed Archive Data that the tapes contained personal, protected information and didn't make sure the vendor had sufficient safeguards in place to protect the information.

Multiple companies handled the boxes during shipping, and only one box arrived at its destination in June 2010. The other two boxes have not been recovered, although no one has filed a report of unauthorized use of the information.

Most Popular