$250,000 penalty issued to Lucile Packard Children’s Hospital was an error – CDPH
From: Erica Absetz <eabsetz () opensecurityfoundation org>
Date: Thu, 7 Mar 2013 17:25:30 -0600
A breach at Lucile Salter Packard Children’s Hospital in 2010
generated a number of posts on this blog – especially after the
hospital was reportedly fined $250,000 by California for a delay in
notifying patients of the breach.
I recently reported that the hospital had settled its appeal with the
state and did not have to pay the $250,000 fine, but I didn’t know why
or what we could learn from the settlement. Neither the hospital nor
the state would give me any statement before I wrote that post.
The state subsequently contacted me and said they would issue a
statement, which I just received:
The original $250,000 penalty posting was an error discovered during
the appeal. The correct calculation should have been $100/day times
the number of days the facility failed to report the breach to CDPH,
for a total penalty of $1100.
So after all that – and after all the blog entries and discussions
with lawyers about the wisdom of such a steep penalty under the
conditions of the breach and the possible constitutionality of
California’s law, the fine was just a mistake.
And thus endeth this story.
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://datalossdb.org/mailing_list