[BreachExchange] $5 Million settlement in hospital data breach

Destry Winant destry at riskbasedsecurity.com
Mon Oct 12 10:36:03 EDT 2020


https://www.wboy.com/news/5-million-settlement-in-hospital-data-breach/

Community Health Systems Inc. is to pay $5 million to 27 states after
a massive data breach in August 2014 that impacted approximately 6.1
million patients nationwide, including 75,597 consumers from West
Virginia.

West Virginia Attorney General Morrisey made the announcement Sunday,
Oct. 11, 2020.

According to the official Community Health Systems Inc. website. The
Tennessee-based company maintains control over just 92 hospitals,
including Greenbrier Valley Medical Center of Ronceverte and Plateau
Medical Center of Oak Hill.

At the time of the breach, CHS owned, leased or operated 206
affiliated hospitals, including five West Virginia entities – Oak Hill
Clinic Corp., Oak Hill Hospital Corp., Bluefield Clinic Company LLC,
Greenbrier Valley Anesthesia LLC, Greenbrier Valley Emergency
Physicians and Ronceverte Physician Group.

The CHS data breach exposed names, birthdates, Social Security
numbers, phone numbers and patient addresses.

Morrisey says as part of the settlement, West Virginia will receive
$73,897 and CHS patients in the state will benefit from the stringent
security protocols implemented.

The settlement also includes updates to security measures within the
settlement that require CHS and subsidiary CHSPSC LLC to incorporate
security awareness and privacy training, develop a written incident
response plan and limit unnecessary or inappropriate access to
protected health information.

The other state involved in this settlement includes Alaska, Arkansas,
Connecticut, Florida, Illinois, Indiana, Iowa, Kentucky, Louisiana,
Massachusetts, Michigan, Mississippi, Missouri, Nebraska, Nevada, New
Jersey, North Carolina, Ohio, Oregon, Pennsylvania, Rhode Island,
South Carolina, Tennessee, Texas, Utah, Vermont and Washington.


More information about the BreachExchange mailing list