Health care services/ IT provider resolves data breach | The Berkshire Eagle
BOSTON — A health care administrative services and IT provider recently agreed to pay $120,000 and change its business practices to resolve an investigation into its failure to provide timely notice of a data breach that affected nearly 1,900 Massachusetts residents, according to Attorney General Maura Healey.
CoPilot Provider Support Services Inc. is a New York-based company that operates a website for health care providers to check whether a patient's insurance provides coverage for certain medications. To provide this service, CoPilot's website connected to a database that contained, among other things, sensitive personal information about consumers, including names and social security numbers.
According to an assurance of discontinuance filed recently in Suffolk Superior Court, CoPilot learned that that information had been breached as early as December 2015, but waited more than a year, until January 2017, to notify affected residents of the breach and report it to the AG's Office. The Massachusetts Data Breach Law requires companies to report data breaches as soon as possible.
Advertisements
If you'd like to leave a comment (or a tip or a question) about this story with the editors, please
email us. We also welcome letters to the editor for publication; you can do that by
filling out our letters form and submitting it to the newsroom.
Gloss