Beth Israel Deaconess Medical Center in Boston will pay $100,000 in penalties and fines after personal information was stolen from nearly 4,000 employees and patients during a security breach, Massachusetts Attorney General Martha Coakley announced on Friday.
The civil judgment stems from the May 2012 theft of a doctor's laptop containing information on 3,796 patients and employees. Although the hospital had not issued the laptop, it contained such information as patients' and employees' names, medical information and social security numbers. The laptop was not encrypted. The hospital didn't inform the affected patients and employees about the security issue until August 2012.
“The health care industry’s increased reliance on technology makes it more important than ever that providers ensure patients’ personal information and protected health information is secure,” Coakley said. “To prevent breaches like this from happening, hospitals must put in place and enforce reasonable technological and physical security measures.”
The hospital plans to take measures to track all personal devices, such as laptops, that could be used for patient information and encrypt these devices. They also plan to train their employees on better procedures.