California health system to pay $7.5M to patients in breach settlement
California-based St. Joseph Health System must pay $7.5 million in a class-action lawsuit after a breach in which the personal health data of more than 31,000 patients was made accessible online, according to a court document.
In January 2012 a St. Joseph patient, Danna Graewingholt, found her personal health information through a Google search. She notified the health system that her data and that of several thousand other patients was all available online.
Following Graewingholt's discovery, the health system sent letters to patients informing them that information such as diagnosis, active medication lists, lab results, smoking status, race, genders and birth dates was inadvertently made available online, according to the documents.
Individuals impacted were patients at a number of the health system's facilities, including but not limited to Mission Hospital Regional Medical Center, St. Jude Hospital, Queen of the Valley Medical Center, Santa Rosa Memorial Hospital and Petaluma Valley Hospital Auxiliary.
St. Joseph must pay all patients whose medical information was accessible on the Internet at any point from Feb. 1, 2011, through Feb. 28, 2012, which will come out to about $242 per patient.
Other healthcare organizations have been hit in recent months with fines after breaches and data security incidents.
For instance, in December, the University of Washington Medicine paid $750,000 in a settlement with the Health and Human Services Department's Office for Civil Rights after a potential breach of patient information where an employee downloaded an attachment to an email that contained malware.
To learn more:
- here's the court document (.pdf)
Hospital pays $850,000 in stolen laptop settlement
University of Washington Medicine to pay $750K HIPAA settlement
Security experts on Anthem breach: The biggest threat lurks inside your company
OCR hits BCBS Puerto Rico affiliate with second largest HIPAA fine
eport: Healthcare cyberattacks occur almost monthly