HIPAA-Knowledgeable Groups Get Unfortunate Lesson in PCI Compliance in Boston Data Breach

Posted 12.11.13 by

Because they handle protected health information under strict protocols every day, many members of the healthcare industry are well aware of the importance of data protection. According to a story in today’s Boston Globe, two healthcare-related groups who may be more familiar with HIPAA compliance got an unfortunate lesson in the importance of PCI compliance.

Hundreds of attendees at an American Public Health Association conference and an American Society of Human Genetics conference, both held at the Boston Convention & Exhibition Center this fall, had credit card information stolen. It was used to purchase goods across the country.

One of the victims was Edward McCabe, the chief medical officer for the March of Dimes.

The Payment Card Industry Data Security Standard (PCI DSS) applies to organizations that handle cardholder information for credit, debit, ATM, and point-of-sale cards. It remains unclear in these instances where the breakdown in that standard occurred.

The Massachusetts Convention Center Authority, which operates the convention center, told the newspaper the data breach did not happen at its facility, and that several of its own employees were affected. The Westin Boston Waterfront Hotel, connected to the conference center, said the breaches did not happen within its system.

Convention-goers, naturally, eat out more often and, as the Boston Globe story notes, “restaurants are particularly vulnerable to credit card theft because servers walk away with diners’ cards. Wayward employees can simply write down the credit card information or use a device called a skimmer to capture not only the name, card number, expiration date, and security code, but the information in the magnetic stripe as well.”

Many of the victims in these cases reported using their credit cards in area restaurants and businesses.

Read the full story: Conventioners’ credit card data stolen in Boston

About Otava

Otava provides the secure, compliant hybrid cloud solutions demanded by service providers, channel partners and enterprise clients in compliance-sensitive industries. By actively aggregating best-of-breed cloud companies and investing in people, tools, and processes, Otava’s global footprint continues to expand. The company provides its customers in highly regulated disciplines with a clear path to transformation through its effective solutions and broad portfolio of hybrid cloud, data protection, disaster recovery, security and colocation services, all championed by an exceptional support team. Learn more at www.otava.com.
