Massachusetts Attorney General Maura Healey has announced that a new online data breach reporting tool is to be introduced to simplify the process of submitting breach notifications to the State Attorney General’s office.
The Massachusetts data breach notification law (M.G.L. c. 93H) states that groups or organizations that suffer a breach of personal information must complete a notification and send it to the Massachusetts Attorney General’s office as soon as they can and without unnecessary delay. Data breach notifications must also be sent to the Director of the Office of Consumer Affairs and Business Regulation (OCABR), and notifications must be issued to affected patients or clients.
“Data breaches are damaging, costly and put Massachusetts residents at risk of identity theft and financial fraud – so it’s vital that businesses come forward quickly after a breach to inform consumers and law enforcement,” said Healey. “This new feature allows businesses to more efficiently report data breaches so we can take action and share information with the public.”
The Massachusetts Attorney General’s office will soon be going live with a database on its website that will make it easy for the general public to view a summary of data breaches affecting those living in the state. The Massachusetts Attorney General’s “Wall of Shame” will list all of the groups that have experienced data breaches, the dates the breaches may have occurred, and the number of state residents believed to have been affected by each breach.
The new online portal and breach listings are part of the state’s commitment to make sure state residents are promptly notified about data breaches to enable them to take rapid action to mitigate risk.
The State of Massachusetts has reaffirmed its commitment to holding businesses accountable when HIPAA breaches that could easily have been prevented occur.
Last year, after being officially notified of a breach by Equifax, Attorney General Healey filed an enforcement action against the credit monitoring firm seeking civil penalties, disgorgement of profits, restitution, costs, and attorneys’ expenses, in addition to injunctive relief to prevent damage to Massachusetts state residents. Massachusetts was the first state to begin an enforcement action of this kind against the firm.
When this happened, Healey remarked, “We are suing because Equifax needs to pay for its mistakes, make our residents whole, and fix the problem so it never happens again.”
Massachusetts is also one of a minority of states that have exercised the right to pursue financial penalties when healthcare organizations breach HIPAA Rules and expose patients’ PHI. The state will go on taking action against firms that do not address weaknesses and do not use reasonable safeguards to keep the personal information of state residents secure.