Physical Computer Theft at Advocate Health Care Network Leads to Massive Patient Record Compromise
One of the nation’s biggest health-care systems has agreed to pay the largest settlement ever by a single entity for potential violations of federal patient privacy law, related to breaches that compromised the electronic data of 4 million patients. Two of the breaches involved the theft of actual computers at a physicians’ group. While fines will be paid, this serves as a reminder that Safety & Security is not just for corporate America, but for individuals as well.
Advocate Health Care Network, which operates 12 hospitals and more than 200 other treatment locations in Illinois, will pay $5.55 million to the U.S. Health and Human Services Department as part of the settlement announced by HHS on Thursday.
Advocate Health Care, which remains under investigation for the data breaches at a subsidiary by the Illinois Attorney General’s office, also will be required to adopt a corrective action plan for its data security. The breaches, two of which involved thefts of computers, occurred at a physicians’ group that is the largest in the Chicago area. The patient records compromised included people’s names, addresses, dates of birth, credit card numbers with expiration dates, as well as demographic information, clinical information and health insurance information, according to HHS. Advocate Health Care said there “continues to be no indication that the information was misused.”
Source: Huge data breach at health system leads to biggest ever settlement
