CHARLESTON, WV (WOWK) – A $5 million, multistate settlement has been reached with a leading hospital operator related to an August 2014 data breach, according to West Virginia Attorney General Patrick Morrisey.
According to Morrisey, the settlement require Community Health Systems Inc. (CHS) to pay $5 million to the 27 states who are part of the settlement. The company would also need to impliment and maintain a comprehensive information security program designed to safeguard personal and protected health information.
“All consumers rely upon businesses, especially hospitals, to secure their sensitive personal, identifiable information,” Morrisey said. “Any company that breaks that trust must be held accountable. This settlement emphasizes the meticulous protocols consumers expect to protect their information from unlawful use or disclosure.”
When the breach happened, CHS owned, leased or operated 206 affiliated hospitals. The Attorney General’s office said this includes five entities in the Mountain State – Oak Hill Clinic Corp., Oak Hill Hospital Corp., Bluefield Clinic Company LLC, Greenbrier Valley Anesthesia LLC, Greenbrier Valley Emergency Physicians and Ronceverte Physician Group.
Morrisey says according to the company’s website, it controls more than 92 hospitals including Greenbrier Valley Medical Center of Ronceverte and Plateau Medical Center of Oak Hill.
The Attorney General’s office says the Mountain State will receive an allotment of $73,897 and the CHS patients in the state will benefit from the security protocols implemented as part of the settlement.
According to Morrisey, approximately 6.1 million patients across the country were impacted by the data breach, including 75,597 West Virginians. He says the incident exposed names, birthdates, Social Security numbers, phone numbers and patient addresses.
The security measures require the company and its subsidiary CHSPSC to incorporate security awareness and privacy training, develop a written incident response plan and limit unnecessary or inappropriate access to protected health information.
West Virginia, Kentucky, and Ohio were all part of the settlement, along with Alaska, Arkansas, Connecticut, Florida, Illinois, Indiana, Iowa, Louisiana, Massachusetts, Michigan, Mississippi, Missouri, Nebraska, Nevada, New Jersey, North Carolina, Oregon, Pennsylvania, Rhode Island, South Carolina, Tennessee, Texas, Utah, Vermont and Washington.