Dive Brief:
- Boston Children's Hospital failed to protect the health information of more than 2,100 patients—about 1,700 of whom were children—and has agreed to pay $40,000 plus take steps to boost its patient data security system.
- The data, which included names, birth dates, diagnoses and surgery dates, resided on a hospital-issued unencrypted laptop stolen from a doctor on official business in Argentina in May 2012.
- Under the terms of the settlement, the hospital will pay a $30,000 civil penalty and $10,000 to a state fund for educational programs on protected health information.
Dive Insight:
With all of the healthcare data breaches that occur because of stolen laptops, it's a wonder physicians even carry them at all. But in this case, taking simple measures to encrypt data would have prevented the costly error.
Following the incident, the hospital vowed in a statement that "every device that is issued by Boston Children's is encrypted before it is used, and every employee must attest on an annual basis that his or her personal devices are also encrypted."
A new report from Experian concludes that data breaches are "persistent and growing" and could reach $5.6 billion next year.