Weymouth, MA — May 24, 2012 —South Shore Hospital today reached agreement with the Commonwealth of Massachusetts Attorney General’s Office regarding the loss of back-up computer files. The file loss occurred two years ago in 2010, was widely publicized at the time, and has not resulted in any reported incidents of the data having been accessed or used by anyone.
The resolution comes at the conclusion of a two-year review by the Attorney General’s Office. The terms of the agreement specify data-security protocols that South Shore Hospital must adopt, the vast majority of which the hospital already has implemented. The agreement also includes a $750,000 monetary settlement. The amount the hospital owes will be reduced by $275,000 for investments the hospital already has made in technology and data-handling upgrades. The balance of the penalty consists of a $250,000 regulatory enforcement payment and a $225,000 contribution to a data-security education fund.
South Shore Hospital publicly reported on July 19, 2010 that back-up computer files containing personal, health and financial information may have been lost by a professional data management company. The hospital had engaged the company to destroy the files, which were stored on computer tapes that were in a format no longer used. In September 2010, the hospital completed an investigation into the loss. All available evidence indicated that the back-up computer files were most likely disposed of in a secure commercial landfill and were therefore unrecoverable. In the two years since the back-up computer files were reported as missing, there remains no evidence that any information on the files has ever been accessed or used by anyone. The hospital’s original files remain protected and intact.
The hospital broadly communicated news about the file loss and its investigation findings in a variety of ways, including issuing news statements that resulted in print and broadcast news coverage throughout the region and publishing advertisements in local and statewide newspapers. The hospital also posted information for more than a year on its website, exhibited signs throughout the hospital and in various physician offices, and maintained a toll-free automated phone line to answer questions.
South Shore Hospital cooperated fully with the Attorney General’s Office, providing details about its data-management protocols, the back-up computer file loss, its investigation into the matter, and steps that were taken to keep the public informed.
“The state’s review has been comprehensive and thorough. We appreciate that the Attorney General has recognized the steps we’ve taken to enhance our data-security systems and hope to be able to serve as a source of information about best practices for other health care providers,” said Richard H. Aubut, South Shore Hospital president and chief executive officer.
Additional information about what happened to the back-up computer files is available by visiting South Shore Hospital’s website at http://www.southshorehospital.org.
South Shore Hospital is a 318-bed, not-for-profit, tax-exempt, charitable provider of acute, emergency, outpatient, home health, and hospice care to the people of Southeastern Massachusetts.
Sign up to receive our Community Magazine, e-Newsletters or program brochures.