Analecta Cyber Company Blog: $100k Settlement over Data Breach

2015-09-06

$100k Settlement over Data Breach

A settlement has been reached between Visionworks LLC and the Maryland Attorney General in connection with a data breach that exposed the private health information of 112,627 people. An estimated 72,000 victims lived in Maryland. Visionworks LLC will pay a $100,000 fine to the state for the data security breach.

The breaches were classified as a lost server, which exposed 74,944 records, and a network server theft, which exposed 47,683 records. They possibly exposed names, addresses, dates of birth and even purchasing histories of patients. Reports stated that Visionworks was upgrading to encrypted servers but failed to secure the old servers, which is a breach of the HIPAA security rules requiring physical safeguards for PHI security.

The state’s Office of the Attorney General Consumer Protection Division entered into a settlement agreement with Visionworks LLC and ensured proper implementation of the disposal. “This case should put businesses on notice that they need to be vigilant on behalf of their customers,” Attorney General Brian E. Frosh warned companies doing business in Maryland.

Aside from the monetary fine, the company must implement various new security measures to ensure data is safe. However, the financial penalty may add up, considering that about 50,000 other individuals, mostly living in Pennsylvania, were also affected but not covered by the settlement.

More information can be found at: http://www.hipaajournal.com/visionworks-agrees-to-100k-data-breach-settlement-with-maryland-ag-8075/