Massachusetts Attorney General Martha Coakley reached a settlement with Boston Children’s Hospital on Friday over an alleged data breach of patients' private information.
A hospital-issued laptop was stolen from a physician attending a conference in Buenos Aires in May 2012. The unencrypted laptop contained an email sent by another physician with personal information on 2,159 patients, including minor children. The information ranged from diagnoses and dates of medical procedures to names and dates of birth.
Although the physician thought he had removed the email from the laptop, it remained accessible to the thieves.
As part of the settlement with the Commonwealth, Boston Children's Hospital will pay a $30,000 civil penalty, plus $10,000 to a fund that focuses on educational programs related to protection of personal and health information. The fund is administered by the attorney general's office.
In addition, the hospital must revise its policies and training programs to prevent future data breaches.
“Health care providers must ensure that the privacy and security of sensitive patient information is protected,” Coakley said. “Today’s settlement will put in place and enforce important technological and physical security measures at Boston Children’s Hospital to help prevent a breach like this from happening again.”