Data breach settlement costs $4 million to Stanford Hospital

March 22nd, 2014 by admin Leave a reply »


A class action lawsuit was filed for data breach that occurred back in 2009 for which Stanford hospital agreed to pay $4 for its settlement. California’s well-known Confidentiality of Medical Information Act (CMIA) was violated after 20,000 emergency room patients’ data became viewable in 2010 on a third-party student homework website.

CMIA prevents health care service providers from making patient records public without written consent. Los Angeles County Superior Court Judge Elihu Berle tentatively approved the settlement but final decision is yet to be finalized.

Shana Springer filed the class suit in 2011 for $20 million which comes around 100$ per patient. It was observed by the Stanford that data was breached when Multi-Specialty Collection Services sent the data to a third party for a graph which eventually landed on the dormant ‘Student of Fortune’ website.  Stanford maintained their stand that it had properly encrypted the patient data. Los Angeles-based Multi-Specialty Collection Services LLC is the contractor hired by the Stanford hospital.

Information like credit card information or Social Security numbers were not disclosed in the breach but medical record numbers, hospital account numbers, billing charges, as well as emergency room admission and discharge dates were available on the website.

After the incident, Stanford has proposed many remediations to protect crucial information from breach.  It will create a program dedicated to improving its security posture by training staff members. Training will be focused on policies to protect patient privacy.

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Enhanced by Zemanta

Leave a Reply