The second major Boston hospital in as many months has reached a settlement agreement with the Massachusetts Attorney General's office over a data breach.
Boston Children's Hospital joins Beth Israel Deaconess Medical Center in paying a fine to Massachusetts Attorney General Martha Coakley's office for a data breach that occurred in 2012. The fine to Boston Children's was $40,000. It includes a $30,000 civil penalty and a payment of $10,000 to a fund administered by the AG’s Office for educational programs concerning the protection of personal information and protected health information (PHI).
The breach occurred when a Boston Children's laptop was stolen from one of the hospital's physicians, who was presenting at a conference in Buenos Aires. The laptop held an email containing the PHI of 2,159 patients, including names, dates of birth, diagnoses, procedures, and dates of surgery. More than 1,700 of the patients were under the age of 18. There was no encryption software on the computer to prevent the PHI from being exposed.
“Healthcare providers must ensure that the privacy and security of sensitive patient information is protected,” AG Coakley said. “Today’s settlement will put in place and enforce important technological and physical security measures at Boston Children’s Hospital to help prevent a breach like this from happening again.”
As part of the settlement, Boston Children's will install technology to track all portable devices such as laptops, as well as encrypt and physically secure them. They'll also institute employee training programs.