Hospital system to pay Iowa $38,895 after 2014 data breach exposes patient information

Published: Oct. 8, 2020 at 11:36 AM CDT
Email This Link
Share on Pinterest
Share on LinkedIn

DES MOINES, Iowa (KCRG) - Tennessee-based Community Health Systems, inc. has agreed to pay $5 million to states, including $38,895 to Iowa, following a 2014 data breach that exposed its patients' personal information.

This comes after 28 attorneys general, including Iowa Attorney General Tom Miller, obtained a judgement resolving the investigation into the data breach that affected 6.1 million patients. 7,002 of those patients are Iowans.

According to Attorney General Tom Miller, the breach exposed the names, birthdates, Social Security numbers, phone numbers and addresses of patients at the 206 hospitals CHS owned, leased or operated.

“CHS failed to implement and maintain reasonable security practices,” Miller said. “The terms of this settlement will help ensure that patient information will be protected from unlawful use or disclosure.”

CHS agreed to pay the states $5 million, including $38,895 going to Iowa. It will also implement and maintain a comprehensive information security program to safeguard personal information and protected health information.

Copyright 2020 KCRG. All rights reserved.