May 24, 2022

Volume XII, Number 144

Advertisement
Advertisement

May 24, 2022

Subscribe to Latest Legal News and Analysis

May 23, 2022

Subscribe to Latest Legal News and Analysis

Another State-Lead Data Breach Action Results in High Fines and Strict Compliance Requirements

Massachusetts Attorney General Maura Healey and Multi-State Billing Services (MSB), a Medicaid billing company that provided processing services for 13 public schools, signed a no-fault consent judgment settling a 2014 data breach resulting from a stolen laptop that put 2,618 children at risk for identity theft and fraud.   The MSB laptop contained unencrypted personal information, including names, social security numbers, Medicaid identification numbers and birth dates.

The settlement requires MSB to pay $100,000 and implement improved security practices after an investigation by the attorney general’s office determined it violated state consumer protection and data security laws.  More specifically, the judgment requires MSB to continue to develop, implement and maintain a written and comprehensive information security program and review and update its existing policies and procedures for compliance with data security laws.  It must also train its staff on how to protect personal information and regularly report on its compliance with such requirements to the state attorney general’s office.

“This settlement ensures that this company implements the necessary protections so this type of breach never happens again and sends a clear message about the importance of safeguarding the sensitive information of children and others,” said Massachusetts Attorney General Maura Healey in a press statement.

The settlement comes on the heels of a $2 million no-fault settlement in California that we recently covered in a previous blog post.  The current uptick in state-level enforcement suggests an active commitment to health care security by the various attorneys general and encourages covered entities and business associates alike to address their vulnerabilities to avoid such high cost settlements.

© 2022 Faegre Drinker Biddle & Reath LLP. All Rights Reserved.National Law Review, Volume VII, Number 347
Advertisement
Advertisement
Advertisement
Advertisement
Advertisement
Advertisement

About this Author

Sumaya Noush, Drinker Biddle Law Firm, HealthCare Attorney
Associate

Sumaya Noush counsels health care clients on strategic and operational matters including transactions, corporate governance, and regulatory compliance. She helps her clients navigate the daily challenges of running their operations while identifying opportunities for growth in today’s rapidly evolving and highly competitive health care market.

Sumaya previously served as a law clerk for Drinker Biddle, an instructor at Yale’s Bioethics Institute where she taught a seminar on FDA law and medical ethics, and a Visiting Scholar at...

312-569-1268
Advertisement
Advertisement
Advertisement