Ipswitch Blog

No More Need For Hackers – Hospital Just Giving Away Your Private Data

| September 10, 2010 | Data Breach, Managed File Transfer, Secure File Transfer

Two months ago we posted about the massive data breach at South Shore Hospital in Weymouth, Massachusetts, “800,000 Reasons Why MFT is Important“.

Well, the drama and the headaches continue.

What originally happened was that computer files containing personal information of about 800,000 people, information such as names, addresses, phone numbers, dates of birth, Social Security numbers, driver’s license numbers, medical record numbers, patient numbers, health plan information, dates of service, diagnoses, treatments relating to hospital and home health care visits had been misplaced, possibly lost or maybe even stolen.

Aspirin worthy.

On September 8th, 2010 Wickedlocal.com reported that “South Shore Hospital initially informed the Attorney General’s Office and the public that it would send individual written notice of the data breach to each affected consumer.”

Aspirin worthy, but the legal and responsible thing to do…that is until a brilliant idea occurred:

However, South Shore Hospital has informed the Attorney General’s Office that it does not plan to send individual written notice to affected consumers. Instead, South Shore Hospital has chosen to invoke a provision under state law to notify consumers through the ‘substitute notice’ process, which means rather than receiving individual letters at their homes, consumers who are affected by the breach will be generally notified of the data loss through a posting on South Shore Hospital’s website, publication in newspapers throughout the Commonwealth, and by e-mail for those consumers for whom South Shore Hospital has e-mail addresses.”

So the move here is that to notify the people who’s data they lost, they’ll put that information in a place where everyone can see it. Isn’t that counter-intuitive? 

In a related story on Healthdatamanagement.com – Joseph Goedert reports that:

Massachusetts Attorney General Martha Coakley ‘has objected to South Shore Hospital’s revised notification plans and maintains that affected consumers should receive individual notification as originally represented by South Shore Hospital in its prior public announcements concerning the data loss,’ according to a statement from her office.”

What are your thoughts on how South Shore Hospital is handling this? Am I the only one reaching for the Anacin?

Preventing Alarm Storms

Preventing Alarm Storms from Striking Your Network and Distracting You

Implementing Compliance for Data Privacy in Regulated Industries

Free Webinar: Implementing Compliance for Data Privacy in Regulated Industries

Leave a Reply

Your email address will not be published. Required fields are marked *

Ipswitch Blog

This post was written by Ipswitch Blog

Ipswitch helps solve complex IT problems with simple solutions. The company’s software has been installed on more than 150,000 networks spanning 168 countries to monitor networks, applications and servers, and securely transfer files between systems, business partners and customers. Ipswitch was founded in 1991 and is based in Lexington, Massachusetts with offices throughout the U.S., Europe, Asia and Latin America.