South Shore Hospital to pay $750,000 to settle data breach charges
South Shore Hospital in South Weymouth will pay $750,000 to settle charges related to a 2010 data breach that compromised the personal information of more than 800,000 people, according to a release from the Massachusetts attorney general’s office.
The settlement, approved Thursday in Suffolk Superior Court, includes a civil penalty of $250,000 and $225,000 to pay for fund to be used by the attorney general’s office to promote education on the protection of personal data, the release said. South Shore Hospital was also credited for $275,000 it spent on security measures following the breach.
“Hospitals and other entities that handle personal and protected health information have an obligation to properly protect this sensitive data,’’ said Massachusetts Attorney General Martha Coakley in a press release. Coakley sued the hospital under state and federal laws that require secure storage of personal information collected by hospitals.
In February of 2010, the hospital contracted with Archive Data Solutions to erase and re-sell 473 data tapes containing information on 800,000 individuals. None of the data was encrypted, and so it could be read by anyone with the right equipment.
The hospital did not inform Archive Data that the tapes contained sensitive information. The tapes were shipped to a Texas subcontractor in three boxes, but the hospital later learned that only one of the boxes arrived.
South Shore Hospital did not immediately return a call for comment.
To comment, please create a screen name in your profile
To comment, please verify your email address
Conversation
This discussion has ended. Please join elsewhere on Boston.com