Data breaches expose no-teeth regulations

Massachusetts General Hospital says it is trying to contact 9,900 individuals who were either patients or participants in neurological studies about a third-party privacy breach that occurred in June for a six-day period. Information accessed included medical record numbers, medical history, participant’s names, demographic information, and genetic information. Hospital representatives say law enforcement has been notified, and an investigator is working to beef up security for the breached databases.

But the damage is done, and has been done before.

Hospitals and health systems are operating in the Wild West when it comes to consumer protection, bypassing precautionary measures but facing only financial slaps on the wrist for data breaches. The Boston Globe has a not-complete list of some similar incidents with Cambridge Health Alliance, McLean Hospital in Belmont, and even another MGH breach in 2016 that left 4,600 dental patients at risk.

There are long-standing consumer protection rules that focus on data breaches. Those involve the storage, maintenance, processing and communication of data, who has access to it, and how it is destroyed.

When it comes to health care data, patients are protected by a blanket of regulations. There is the Consumer Protection Act, Massachusetts Data Security Law, and Health Insurance Portability and Accountability Act, which hold businesses accountable when they fail to properly secure individuals’ data.

There is also Attorney General Maura Healey’s Data Breach Reporting Online Portal, which businesses can use to provide notice of a breach to her office.

But despite the bevy of regulations, hospital after bank (hello, Capital One) after credit reporting agency (looking at you, Equifax) have exposed billions of personal records.

At the hospitals that dot the state from Pittsfield to Martha’s Vineyard, the concern is particularly acute.

Often, a hospital with a data breach will be slapped with a lawsuit, and fine for each violation of the consumer policy. The state Office of Consumer Affairs and Business Regulation (OCABR), is tasked with helping businesses seeking to report a data breach.

Depending on who knew what, and when, a hospital may be sued by Healey, as in the 2018 case where UMass Memorial Medical Group and UMass Memorial Medical Center Inc. paid a settlement of $230,000 to resolve claims concerning data breaches exposing information of more than 15,000 patients. UMass Memorial was required to hire a third-party firm to review its data policies and procedures, reporting back to Healey’s office.

Emerson Hospital in Concord had to send letters to more than 6,000 patients just a few months ago alerting them of a cybersecurity attack almost a year before. In that case, a company that helped the hospital collect payments sent patient files to an unauthorized third party. You would think that paying the high price of Massachusetts health care would at least mean that your information could be secure.

While OCABR may be willing to dole out advice to help businesses report breaches, and help consumers to deal with them, you have to wonder if there are further preventive measures that can be taken. You can have all the regulations in the world, but if they have no teeth, can they really be effective? Could something like yearly third-party reviews of  hospitals’ security systems be worth considering?

There are no less than five bills pending on Beacon Hill involving data breach notifications, and at least one involving electronic health records.

Nationwide, health care data breaches hit a record high in April, when providers, health plans and their business associates reported 44 data breaches to the feds, according to Modern Healthcare. In March and April of this year, over 1.5 million people had their data compromised at health care facilities.



Anne Lynch, the Beacon Hill lobbyist now facing federal charges along with the former head of the State Police union, had a reputation as a hard-charging advocate who “knew how to throw some words around — the f-bombs.” (Boston Globe)


The Globe follows a strong column yesterday by Joan Vennochi with an editorial that rips 10 Boston city councilors for condemning recent federal extortion convictions of two top aides to Mayor Marty Walsh. ”That a majority of the Boston City Council can’t tell the difference between extortion — which involved in this case putting a business in fear — and advocating for constituents is appalling and perhaps tells us more than we may want to know about how they conduct business,” says the paper. A Herald editorial calls the council position “clueless.”

There is a strong stench of trouble in Lynn, where Kettle Cuisine’s production of soup for restaurants and other food retailers led to a closed-door meeting yesterday of company brass, city officials, and state state environmental personnel trying to figure out what to do about rampant complaints of onion and garlic odors emanating from the operation. (Daily Item)

A new sign at a South Dartmouth historic site is eliciting complaints that it ignores — even erases — the Native American view of what happened there during the period known as King Philip’s War. (Standard-Times)

After a record of drunkenness and lawlessness culminating most recently in an August 5 arrest, Peg Leg Inn manager Michael Welcome has been ordered off the Rockport property. (Gloucester Daily Times)


The Justice Department sent immigration court employees an article posted on a white nationalist website that attacks sitting judges with anti-semitic and racial slurs, according to a letter sent by an immigration judges’ union and obtained by BuzzFeed News.

Marthe Cohn, a 99-year-old former spy for the Allies in World War II, spoke for two hours in Haverhill about how she was at first paralyzed with fear, but then succeeded in her mission to extract crucial military intelligence from behind Nazi lines. (Eagle-Tribune)

Barack and Michelle Obama are buying a nearly 7,000-square-foot compound on Martha’s Vineyard. (MassLive) 


Rep. Seth Moulton is dropping out of the Democratic presidential race. (Boston Globe)

US Rep. Joseph Kennedy III, who is reportedly considering a run against Sen. Edward Markey, will be back in the public eye next week, according to his schedule. (CommonWealth)

CommonWealth alum Gabrielle Gurley weighs in from Washington on a potential Markey-Kennedy Senate primary. (The American Prospect)

John Delaney, a former congressman running for president, thinks moderates will start to come around to his message, but he’s not ruling out a potential run for governor of Maryland in three years. (WGBH)


The idea of a “free market economy that serves all Americans,” which is getting a big boost from  national business organization, has its roots in a 2011 article by Harvard Business School professor Michael Porter and consultant Mark Kramer. (Boston Globe)


MIT president L. Rafael Reif said the school received about $800,000 in donations from foundations controlled by Jeffrey Epstein — who was facing charges of sex trafficking minors when he committed suicide this month in jail —  and offered a “profound and humble” apology to victims for playing a role in elevating Epstein’s reputation. (Boston Globe)

The Herald News has an update on what construction of the roughly $260 million new Durfee High School in Fall River means for returning students, who will be taking classes next door in the older Durfee building.


Todd Brown, of Northeastern University and the Massachusetts Independent Pharmacists Association, says pharmacy benefit managers and insurers are driving up health care costs. (CommonWealth)


A new documentary by Colombian filmmaker and Jamaica Plain resident Monica Cohen celebrates Boston’s “Latin Quarter.” (Bay State Banner)

David Armstrong learned the art of forging metal later in life, a role he cherishes daily as the resident blacksmith of the Marshfield Fair. (Patriot Ledger) 


Boston’s congestion can be and probably is hazardous to your health. Phillip Levendusky of McClean Hospital explains. (CommonWealth)

Is a faster, affordable commuter rail trip between Providence and Boston possible? (Boston Globe)

Officials are mounting a public safety awareness campaign about grade-level railroad crossings in the Northampton area, where new service between Springfield and Greenfield is increasing the number of trains passing through the area. (Daily Hampshire Gazette)


Members of the Massachusetts Lobstermen’s Association urged federal regulators Wednesday to take Canada to task for its failure to protect North Atlantic right whales and to remember that local lobstermen carry a heavier burden of regulation than others in US waters. (Cape Cod Times) 


A year after the opening of MGM Springfield, business owners assess how the casino has impacted the area. (MassLive) 


A Dorchester man said a driver of a Jeep Wrangler called him the n-word and then rammed him with the vehicle, breaking his leg, outside Marina Bay in Quincy on Sunday morning. (WBUR)

After constables tased and arrested Shawn Carmack in Lowell on behalf of Methuen police, Lowell Mayor William Samaras said the process-servers are acting like bounty hunters and Lowell Police Superintendent Raymond Kelly Richardson said it is a “recipe for disaster.” (Lowell Sun)

A federal judge dismissed an excessive force lawsuit against Pittsfield Police Chief Michael Wynn and former officer Dale Eason because there was no proof the defendants had been served. (Berkshire Eagle)

A former Abington town employee, Don Williams, has pleaded guilty to sexually assaulting a member of the Board of Health and the board’s secretary, striking a deal with prosecutors that avoids jail time but requires him to register as a sex offender. (Brockton Enterprise) 

After talking to witnesses and viewing video, Great Barrington police decided not to file charges against a driver who hit a teenager on a skateboard in a crosswalk. (Berkshire Eagle)

Thomas Aldonis, a former Millbury substitute teacher who brought bullets to school and allegedly had unsecured weapons at home, will serve pre-trial probation before his case is heard. (Worcester Telegram)


David Koch, who made up half of the infamous billionaire Koch brothers, who have pumped millions of dollars into right-wing causes, died at age 79. (New York Times)