A data breach faced by New Hampshire-centered Multi-State Billing Services (MBS) has led to a $100K resolution with the MA attorney general’s organization.
MBS is a Medicaid invoicing organization that offers processing facilities for 13 public school regions in Massachusetts – Whitman-Hanson Regional, Wareham, Uxbridge, Truro, Sutton, Plainville, Northborough-Southborough Regional, Norfolk, Nauset Public Schools, Milford, Foxboro Regional Charter, Bourne, and Ashburnham-Westminster Regional.
In 2014, MBS knew that an unencrypted, password-protected laptop having the confidential personal information of Medicaid receivers had been stolen from a company worker. Data stowed on the device contained names, Medicaid numbers, Social Security numbers, and birth dates. As a consequence of the laptop thievery, over 2,600 Massachusetts kids had their confidential information disclosed.
After the data breach, MBS informed all impacted people and offered to refund charges linked to safety freezes for 3 years after the breach. Safety was also improved, including the use of encryption on all moveable computers utilized to save the confidential information of Medicaid receivers.
The Massachusetts attorney general’s bureau probed the breach and concluded that inadequate safeguards had been used to make sure this kind of breach didn’t happen. According to state law, firms doing business in Massachusetts should take “practical measures to protect the personal information from illegal use or access.” Had those steps been carried out before the laptop thievery, a breach of confidential information might have been averted.
Particularly, MBS did not develop, apply, as well as maintain a written safety information program, and didn’t make sure confidential personal information stowed on moveable electronic apparatuses was encrypted. MBS also didn’t educate staff how to practically protect personal information.
A consent ruling against MBS was gotten by Maura Healey, Massachusetts Attorney General. That ruling compels MBS to pay a fiscal fine and develop, apply, and maintain a complete information safety program and teach staff how to manage and protect personal information.
Attorney general Healey stated, “This settlement makes sure that this company applies the required safeguards so this kind of breach never takes place once more and sends a strong message concerning the significance of protecting the confidential information of kids and others.”