12-11-13 | Blog Post
Because they deal with strict personal health information protocols on a daily basis, many members of the healthcare industry are well aware of the importance of data protection. According to a story in today’s Boston Globe, two healthcare-related groups that may be more familiar with HIPAA compliance got an unfortunate lesson in the importance of PCI compliance.
Hundreds of attendees at an American Public Health Association conference and an American Society of Human Genetics conference, both held at the Boston Convention & Exhibition Center this fall, had credit card information stolen. It was used to purchase goods across the country.
One of the victims was Edward McCabe, the chief medical officer for the March of Dimes.
The Payment Card Industry Data Security Standard (PCI DSS) applies to organizations that handle cardholder information for credit, debit, ATM, and point-of-sale cards. It remains unclear in these instances where the breakdown in that standard occurred.
The Massachusetts Convention Center Authority, which operates the convention center, told the newspaper the data breach did not happen at its facility, and that several of its own employees were affected. The Westin Boston Waterfront Hotel, connected to the conference center, says the breaches did not happen within its system.
Convention-goers, naturally, eat out more often and, as the Boston Globe story notes, “restaurants are particularly vulnerable to credit card theft because servers walk away with diners’ cards. Wayward employees can simply write down the credit card information or use a device called a skimmer to capture not only the name, card number, expiration date, and security code, but the information in the magnetic stripe as well.”
Many of the victims in these cases reported using their credit cards in area restaurants and businesses.
Read the full story: Conventioners’ credit card data stolen in Boston