Hospital Data Breach Affects 800,000
Key Facts
- Data breach affected 800,000 people
- Handled inquiries from state attorneys general and HHS
- Managed risk assessment under HIPAA and HITECH
The Situation
A major Massachusetts hospital sought counsel in connection with a data breach involving the loss of medical and financial records of approximately 800,000 patients, employees, doctors, and staff.
The Approach
A Mintz attorney defended the hospital against federal and state regulatory enforcement actions, class actions, and the pursuit of affirmative litigation against companies responsible for loss of the data. Throughout the investigation, Mark Robinson dealt with multiple state attorneys general’s offices, the Department of Health & Human Services, and then regulators. In addition, we managed risk assessments under the HIPAA and HITECH statutes, federal acts that restrict access to individuals’ private medical information.
The Outcome
The hospital successfully managed the crisis and avoided regulatory enforcement actions, class actions, and other adverse consequences. At the same time, the hospital established stricter risk management policies to prevent future data breaches.
Supporting Professionals
Mark Robinson advised this hospital through every stage of investigation, litigation, and risk assessment during and after the data breach.