Penalty Amount
$515,000
Consumers Affected
349,255
Massachusetts Attorney General secured a $515,000 settlement with Comstar, LLC for a March 2022 data breach that exposed sensitive patient information of over 326,000 Massachusetts residents. Comstar violated Massachusetts Data Security regulations and HIPAA by failing to maintain adequate security measures. The settlement includes monetary payment and mandated security improvements.
Comstar must pay $515,000, implement security measures such as phishing protection, multi-factor authentication, and conduct annual security assessments for three years, reporting to Massachusetts and Connecticut AGs.
Entity
Comstar, LLC
Also known as: Comstar
Industry
HealthcareOfficial Press Release
https://www.mass.gov/news/ag-campbell-secures-515000-settlement-with-ambulance-billing-vendor-for-failing-to-safeguard-sensitive-patient-medical-information
download
https://www.mass.gov/doc/comstar-stamped-order/download
Massachusetts Attorney General Enforcement Page
https://www.mass.gov/orgs/attorney-generals-office
$515K
Comstar, LLC, an ambulance billing vendor, suffered a data breach in March 2022 that exposed sensitive patient information, including Social Security numbers and medical records, of over 349,000 residents in Connecticut and Massachusetts. The settlement requires Comstar to pay $515,000 and implement enhanced security measures such as phishing protection and annual security assessments.
Massachusetts Attorney General Andrea Campbell co-led a coalition of 17 attorneys general in filing a lawsuit against the Trump Administration to stop new data reporting requirements for colleges and universities through IPEDS. The requirements demand detailed student data disaggregated by race and sex, retroactive for seven years, which the coalition argues jeopardizes student privacy and could lead to baseless investigations.
Massachusetts Attorney General Andrea Campbell secured a preliminary injunction from the U.S. District Court blocking the Trump Administration's USDA from cutting off SNAP funding to states that refuse to turn over personal data of SNAP applicants and recipients. The court found USDA's proposed data protocol unlawful because it allowed sharing data with entities unrelated to federal benefits administration.
Massachusetts Attorney General Andrea Campbell filed a motion to enforce a preliminary injunction against the Trump Administration's demands for personal data of SNAP recipients. The court previously blocked such demands, but the administration renewed its request, threatening to withhold funding. The AG seeks to ensure compliance with federal privacy laws and protect SNAP recipients' sensitive information.
$795K
Massachusetts Attorney General Andrea Joy Campbell announced a $795,000 settlement with Peabody Properties, Inc. for failing to protect personal information and delaying breach notifications after multiple data breaches exposed nearly 14,000 residents' sensitive data. The consent decree requires payment to the Commonwealth and implementation of comprehensive cybersecurity measures.
Massachusetts Attorney General Andrea Campbell, joined by a coalition of 21 states and Kentucky, filed a lawsuit challenging the U.S. Department of Agriculture's demand that states turn over sensitive personal data of SNAP recipients. The lawsuit argues that this demand violates federal privacy laws and the Spending Clause, threatening the privacy of millions of low-income families and coercing states by threatening funding cuts.