BOSTON — A consent judgment has been filed in Massachusetts' Suffolk Superior Court to settle claims by the state Attorney General Maura Healey that two health care systems' data breaches resulted in exposing 15,000 Massachusetts residents personal and health information.
According to the Attorney General's Office, UMass Memorial Health Group inc., and UMass Memorial Medical Center Inc., will pay $230,000 as part of the settlement for two separate data breaches. The data was accessed by two former UMass Medical and UMass Memorial employees and used for fraudulent operations such as opening cell phone accounts and credit card accounts, the Attorney General's Office said.
“Massachusetts residents rely on their health care providers to keep private health information safe and secure,” Healey said in a statement. “This resolution ensures UMass Memorial implements important measures to prevent this type of breach from happening again.”
The Attorney General's Office allegations stem from an investigation that alleges UMass Memorial and UMass Medical Center knew of their employees' misconduct but did not properly investigate, discipline or take steps to safeguard the patient's information.
The settlement also includes the health care systems conducting employee background checks, ensuring proper training on the handling of patient information, identifying potential data security issues as well as hiring a third party firm to review the health care system's data security policies and procedures, according to Healey's office.