Women & Infants Hospital of Rhode Island will pay $150,000 to settle data breach allegations that affected more than 12,000 Massachusetts patients.
Attorney General Martha Coakley announced that the breach was reported to her office in November 2012, and included patients’ names, dates of birth, Social Security numbers, dates of exams, physicians’ names, and ultrasound images.
The consent judgment was approved July 22 in a Suffolk Superior Court.
According to Coakley:
“This data breach put thousands of Massachusetts consumers at risk, and it is the hospital’s responsibility to ensure that this type of event does not happen again.”
WIH first realized in 2012 it was missing 19 unencrypted back-up tapes from two of its Prenatal Diagnostic Centers, one located in Providence and the other in New Bedford. The tapes had personal information of 12,127 Mass. residents.
Due to “deficient employee training and internal policies,” Coakley said the breach was not reported to the AG’s office nor consumers until fall of 2012.
According to the settlement, WIH will pay a $110,000 civil penalty, $25,000 for attorney’s fees and costs, and a payment of $15,000 to a fund to be used by the Attorney General’s Office to promote education concerning the protection of personal information and protected health information and a fund for future data security litigation.
Correction: A headline in an earlier version of this report incorrectly indicated that Women & Infants Hospital of Rhode Island would pay patients for the data breach.