WV to receive money in multistate settlement in hospital operator data breach

West Virginia

A stack of $100 bills (Nexstar, file)

CHARLESTON, WV (WOWK) – A $5 million, multistate settlement has been reached with a leading hospital operator related to an August 2014 data breach, according to West Virginia Attorney General Patrick Morrisey.

According to Morrisey, the settlement require Community Health Systems Inc. (CHS) to pay $5 million to the 27 states who are part of the settlement. The company would also need to impliment and maintain a comprehensive information security program designed to safeguard personal and protected health information.

“All consumers rely upon businesses, especially hospitals, to secure their sensitive personal, identifiable information,” Morrisey said. “Any company that breaks that trust must be held accountable. This settlement emphasizes the meticulous protocols consumers expect to protect their information from unlawful use or disclosure.”

When the breach happened, CHS owned, leased or operated 206 affiliated hospitals. The Attorney General’s office said this includes five entities in the Mountain State – Oak Hill Clinic Corp., Oak Hill Hospital Corp., Bluefield Clinic Company LLC, Greenbrier Valley Anesthesia LLC, Greenbrier Valley Emergency Physicians and Ronceverte Physician Group.

Morrisey says according to the company’s website, it controls more than 92 hospitals including Greenbrier Valley Medical Center of Ronceverte and Plateau Medical Center of Oak Hill.

The Attorney General’s office says the Mountain State will receive an allotment of $73,897 and the CHS patients in the state will benefit from the security protocols implemented as part of the settlement.

According to Morrisey, approximately 6.1 million patients across the country were impacted by the data breach, including 75,597 West Virginians. He says the incident exposed names, birthdates, Social Security numbers, phone numbers and patient addresses.

The security measures require the company and its subsidiary CHSPSC to incorporate security awareness and privacy training, develop a written incident response plan and limit unnecessary or inappropriate access to protected health information.

West Virginia, Kentucky, and Ohio were all part of the settlement, along with Alaska, Arkansas, Connecticut, Florida, Illinois, Indiana, Iowa, Louisiana, Massachusetts, Michigan, Mississippi, Missouri, Nebraska, Nevada, New Jersey, North Carolina, Oregon, Pennsylvania, Rhode Island, South Carolina, Tennessee, Texas, Utah, Vermont and Washington.

For local and breaking news, weather alerts, video and more, download the FREE WOWK 13 News App from the Apple App Store or the Google Play Store.

Copyright 2020 Nexstar Inc. All rights reserved. This material may not be published, broadcast, rewritten, or redistributed.

Download the FREE WOWK 13 News App

Washington DC Bureau

More Washington DC Bureau

Don't Miss

Trending Stories