A fertility clinic in New Jersey has agreed to pay the state approximately half a million dollars to settle an investigation regarding its role in a data breach that compromised the personal information of nearly 15,000 patients. The hack allowed unauthorized access to the protected health information of patients of the Diamond Institute for Infertility and Menopause, LLC (“Diamond”), which operates practices in the states of New Jersey and New York.
Last year, nearly 2 million accounts held by New Jersey residents were compromised by data breaches, which was a slight increase over the 1.8 million accounts that were compromised in 2019. Both figures are more than five times the total amount of data breaches in 2018.
Despite the fact that state and federal law require healthcare practices to establish safeguards to protect sensitive medical and client information, Diamond, according to the New Jersey Department of Community Affairs (“DCA”), removed technological and administrative safeguards that left patient information unprotected for nearly half a year. According to DCA, this included failing to encrypt data; ignoring proper procedures for changing, creating, and safeguarding patient passwords; and failing to verify the identities of those seeking access to patient information. These failures, according to state officials, constituted violations of the New Jersey Consumer Fraud Act, the federal Health Insurance Portability and Accountability Act (“HIPAA”) Privacy Rule, and the HIPAA Security Rule.
Although Diamond disputed the allegations against it, the New Jersey clinic agreed to a $495,000 settlement that included $412,300 in civil penalties and $82,700 in attorneys’ fees and investigative costs. In addition, the settlement requires Diamond to undergo a series of reforms designed to strengthen its encryption protocols and data security system to protect patient information and prevent future breaches.
In commenting on the settlement, Acting New Jersey Attorney General Andrew J. Bruck stated that major cybersecurity lapses are unacceptable. In addition, he expressed that the settlement sends a message to other organizations that a lapse in privacy comes with significant consequences. Finally, he stated that patients seeking fertility treatments expect their healthcare providers to protect their privacy.
Hackensack Commercial Litigation Attorney
If you are a victim of fraud of any kind, you need an experienced Hackensack commercial litigation attorney on your side. At Rosenblatt Law PC, we provide comprehensive legal representation to a wide range of clients throughout Northern New Jersey and the greater New York area. Our knowledgeable commercial litigation attorneys are just as comfortable in court as they are at the negotiation table, so we are prepared to handle your legal matter regardless of the direction it takes. In other words, when you become one of our valued clients, you can rest assured that your legal matter is in good hands. Please contact us today to schedule a free initial consultation.