    Beth Israel fined $100,000 for patient data breach

    Beth Israel Deaconess Medical Center will pay $100,000 after a physician’s laptop holding personal information for nearly 4,000 patients and employees was stolen in 2012.
    Steven Senne/AP

    Beth Israel Deaconess Medical Center agreed to pay $100,000 to settle a complaint by the Massachusetts attorney general’s office that its lax data security led to the theft of personal information of about 4,000 patients and employees.

    In May 2012, a physician’s unattended laptop was stolen from his desk at the hospital. The laptop contained health information of 3,796 patients and Beth Israel employees, as well as personal information, such as Social Security numbers, of 194 other Massachusetts residents. The attorney general’s office argued the hospital’s lack of security and failure to encrypt patient data were against the law.

    “The healthcare industry’s increased reliance on technology makes it more important than ever that providers ensure patients’ personal information and protected health information is secure,” said Attorney General Martha Coakley.

    Dr. John Halamka, chief information officer at Beth Israel Deaconess, said the hospital has since improved its security procedures.

    “After this incident, we worked closely with the federal and state governments, as well as security industry experts, to ensure that [the hospital] adopts state-of-the-art security policies and technologies,” Halamka said in a statement. “Every device we purchase is encrypted before it is used, and every employee must attest on an annual basis that his or her personal devices are also encrypted.”

    Beth Israel is not the first hospital to be penalized for poor data security by Coakley’s office. Earlier this year, Women and Infants Hospital of Rhode Island agreed to pay $150,000, and South Shore Hospital settled a suit by the Attorney General for $750,000 in 2012.

    Jack Newsham can be reached at jack.newsham@globe.com. Follow him on Twitter @TheNewsHam.