Connect with us

Hi, what are you looking for?

Florida Government & Politics

Ashley Moody, State AGs Obtain Judgment in Community Health Systems Data Breach Investigation

At the time of the data breach, CHS owned, leased or operated 206 affiliated hospitals, including 37 located in Florida. Information exposed in the breach included the addresses, birthdates, names, phone numbers and Social Security numbers of patients.

Last week, Attorney General Ashley Moody, along with 27 other state attorneys general, obtained a judgment against Tennessee-based Community Health Systems, Inc., and its subsidiary, CHSPSC LLC. This judgment resolves an investigation of a data breach that impacted approximately 6.1 million patients, including more than 430,000 from the state of Florida.

At the time of the data breach, CHS owned, leased or operated 206 affiliated hospitals, including 37 located in Florida. Information exposed in the breach included the addresses, birthdates, names, phone numbers and Social Security numbers of patients. The judgment, agreed to by CHS, requires a $5 million payment to the states and provides that CHS agrees to implement and maintain a comprehensive information security program reasonably designed to safeguard personal information and protected health information that will include specific information security requirements.

“Health care patients are routinely asked to reveal personal information in the course of treatment. The added stress surrounding a data breach exposing personal information can be overwhelming. I’m glad we were able to provide relief to the more than 430,000 Floridians impacted by the negligent actions of this health care company,” Moody said on Thursday.

Specific information security measures contained in the agreed judgment include requirements to:

  • Develop a written incident response plan;
  • Incorporate security awareness and privacy training for all personnel who have access to protected health information;
  • Limit unnecessary or inappropriate access to protected health information; and
  • Implement specific policies and procedures regarding business associates, including use of business associate agreements and audits of business associates.

In addition to Florida, represented by Consumer Protection Division assistant attorney general Patrice Malloy, the multistate group includes Alaska, Arkansas, Connecticut, Illinois, Indiana, Iowa, Kentucky, Louisiana, Massachusetts, Michigan, Mississippi, Missouri, Nebraska, Nevada, New Jersey, North Carolina, Ohio, Oregon, Pennsylvania, Rhode Island, South Carolina, Tennessee, Texas, Utah, Vermont, Washington and West Virginia.

The proposed judgment is pending judicial approval.

 

Author

  • Florida Daily offers news, insights and analysis as we cover the most important issues in the state, from education, to business and politics.

    View all posts

Archives

Related Articles

Trending News

Watch Florida Senator Ashley Moody deliver her first speech as a U.S. Senator. Prior to her appointment to the Senate by Governor Ron DeSantis,...

Crime News

The Bankrate Financial Fraud Survey shows that the biggest increase in Americans falling prey to financial scams is younger people. Gen Zers (ages 18-28)...

Political News

President Donald Trump signed an Executive Order to abolish the U.S. Department of Education (DOE). Below is an overview of recent votes of involving...

Political News

In 2018, Florida’s Legislature passed a bill that gave the Florida Department of Environmental Protection (DEP) authority to begin the public rulemaking process to...

Advertisement
Florida Daily
Privacy Overview

This website uses cookies so that we can provide you with the best user experience possible. Cookie information is stored in your browser and performs functions such as recognising you when you return to our website and helping our team to understand which sections of the website you find most interesting and useful.

HOW WE COLLECT E-MAIL INFORMATION:

If you sign up to subscribe to Florida Daily’s e-mail newsletter, you will provide us your e-mail address and name, voluntarily, and we will never obtain any of your contact information that you don’t voluntarily provide.

HOW WE USE AN E-MAIL ADDRESS IF YOU VOLUNTARILY PROVIDE IT TO US:

If you voluntarily provide us with your name and email address, we will use it to send you one email update per weekday. Your email address will not be given to any third parties.

YOUR CONTROLS:

You will have the option to unsubscribe to our E-mail update at anytime by clicking an unsubscribe link that will be provided in each E-Mail we send.