{"id":2750,"date":"2013-12-11T00:00:00","date_gmt":"2013-12-11T00:00:00","guid":{"rendered":"http:\/\/otava.test\/hipaa-knowledgeable-groups-get-unfortunate-lesson-in-pci-compliance-in-boston-data-breach\/"},"modified":"2013-12-11T00:00:00","modified_gmt":"2013-12-11T00:00:00","slug":"hipaa-knowledgeable-groups-get-unfortunate-lesson-in-pci-compliance-in-boston-data-breach","status":"publish","type":"post","link":"https:\/\/www.otava.com\/blog\/hipaa-knowledgeable-groups-get-unfortunate-lesson-in-pci-compliance-in-boston-data-breach\/","title":{"rendered":"HIPAA-Knowledgeable Groups Get Unfortunate Lesson in PCI Compliance in Boston Data Breach"},"content":{"rendered":"

Dealing with strict personal health information protocol on a daily basis, many members of the healthcare industry are well aware of the importance of data protection. According to a story in today\u2019s Boston Globe, two healthcare-related groups who may be more familiar with HIPAA <\/a>compliance got an unfortunate lesson in the importance of PCI <\/a>compliance.<\/p>\n

\"\"<\/a>Hundreds of attendees at an American Public Health Association conference and an American Society of Human Genetics conference, both held at the Boston Convention & Exhibition Center this fall, had credit card information stolen. It was used to purchase goods across the country.<\/p>\n

One of the victims was Edward McCabe, the chief medical officer for the March of Dimes.<\/p>\n

The Payment Card Industry Data Security Standard<\/a> (PCI DSS) applies to organizations that handle cardholder information for credit, debit, ATM, and point-of-sale cards. It remains unclear in these instances where the breakdown in that standard occurred.<\/p>\n

The Massachusetts Convention Center Authority, which operates the convention center, told the newspaper the data breach did not happen at its facility, and that several of its own employees were affected. The Westin Boston Waterfront Hotel, connected to the conference center, say the breaches did not happen within its system.<\/p>\n

Convention-goers, naturally, eat out more often and, as the Boston Globe story notes, \u201crestaurants are particularly vulnerable to credit card theft because servers walk away with diners\u2019 cards. Wayward employees can simply write down the credit card information or use a device called a skimmer to capture not only the name, card number, expiration date, and security code, but the information in the magnetic stripe as well.\u201d<\/p>\n

Many of the victims in these cases reported using their credit cards in area restaurants and businesses.<\/p>\n

Read the full story:<\/strong> Conventioners\u2019 credit card data stole in Boston<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

Dealing with strict personal health information protocol on a daily basis, many members of the healthcare industry are well aware of the importance of data protection. According to a story in today\u2019s Boston Globe, two healthcare-related groups who may be more familiar with HIPAA compliance got an unfortunate lesson in the importance of PCI compliance. Hundreds of attendees at an American Public Health Association conference and an American Society of Human Genetics conference, both held at the Boston Convention & Exhibition Center this fall, had credit card information stolen. It was used to purchase goods across the country. One of the victims was Edward McCabe, the chief medical officer for the March of Dimes. The Payment Card Industry Data Security Standard (PCI DSS) applies to organizations that handle cardholder information for credit, debit, ATM, and point-of-sale cards. It remains unclear in these instances where the breakdown in that standard occurred. The Massachusetts Convention Center Authority, which operates the convention center, told the newspaper the data breach did not happen at its facility, and that several of its own employees were affected. The Westin Boston Waterfront Hotel, connected to the conference center, say the breaches did not happen within its system….<\/p>\n","protected":false},"author":3,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1],"tags":[],"other_category":[],"class_list":["post-2750","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"acf":[],"yoast_head":"\nHIPAA-Knowledgeable Groups Get Unfortunate Lesson in PCI Compliance in Boston Data Breach | OTAVA<\/title>\n<meta name=\"description\" content=\"Healthcare organizations would be wise to remember that they may not only need to be HIPAA compliant but also compliant with other regulations such as PCI.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.otava.com\/blog\/hipaa-knowledgeable-groups-get-unfortunate-lesson-in-pci-compliance-in-boston-data-breach\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"HIPAA-Knowledgeable Groups Get Unfortunate Lesson in PCI Compliance in Boston Data Breach\" \/>\n<meta property=\"og:description\" content=\"Healthcare organizations would be wise to remember that they may not only need to be HIPAA compliant but also compliant with other regulations such as PCI.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.otava.com\/blog\/hipaa-knowledgeable-groups-get-unfortunate-lesson-in-pci-compliance-in-boston-data-breach\/\" \/>\n<meta property=\"og:site_name\" content=\"OTAVA\" \/>\n<meta property=\"article:published_time\" content=\"2013-12-11T00:00:00+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/otava.test\/wp-content\/uploads\/2019\/04\/creditcard.png\" \/>\n<meta name=\"author\" content=\"Irma Brillantes\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Irma Brillantes\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"1 minute\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.otava.com\/blog\/hipaa-knowledgeable-groups-get-unfortunate-lesson-in-pci-compliance-in-boston-data-breach\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.otava.com\/blog\/hipaa-knowledgeable-groups-get-unfortunate-lesson-in-pci-compliance-in-boston-data-breach\/\"},\"author\":{\"name\":\"Irma Brillantes\",\"@id\":\"https:\/\/www.otava.com\/#\/schema\/person\/35774075f8f4fcdd4eae80cb72034263\"},\"headline\":\"HIPAA-Knowledgeable Groups Get Unfortunate Lesson in PCI Compliance in Boston Data Breach\",\"datePublished\":\"2013-12-11T00:00:00+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.otava.com\/blog\/hipaa-knowledgeable-groups-get-unfortunate-lesson-in-pci-compliance-in-boston-data-breach\/\"},\"wordCount\":308,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/www.otava.com\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.otava.com\/blog\/hipaa-knowledgeable-groups-get-unfortunate-lesson-in-pci-compliance-in-boston-data-breach\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/otava.test\/wp-content\/uploads\/2019\/04\/creditcard.png\",\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/www.otava.com\/blog\/hipaa-knowledgeable-groups-get-unfortunate-lesson-in-pci-compliance-in-boston-data-breach\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.otava.com\/blog\/hipaa-knowledgeable-groups-get-unfortunate-lesson-in-pci-compliance-in-boston-data-breach\/\",\"url\":\"https:\/\/www.otava.com\/blog\/hipaa-knowledgeable-groups-get-unfortunate-lesson-in-pci-compliance-in-boston-data-breach\/\",\"name\":\"HIPAA-Knowledgeable Groups Get Unfortunate Lesson in PCI Compliance in Boston Data Breach | OTAVA\",\"isPartOf\":{\"@id\":\"https:\/\/www.otava.com\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.otava.com\/blog\/hipaa-knowledgeable-groups-get-unfortunate-lesson-in-pci-compliance-in-boston-data-breach\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.otava.com\/blog\/hipaa-knowledgeable-groups-get-unfortunate-lesson-in-pci-compliance-in-boston-data-breach\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/otava.test\/wp-content\/uploads\/2019\/04\/creditcard.png\",\"datePublished\":\"2013-12-11T00:00:00+00:00\",\"description\":\"Healthcare organizations would be wise to remember that they may not only need to be HIPAA compliant but also compliant with other regulations such as PCI.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.otava.com\/blog\/hipaa-knowledgeable-groups-get-unfortunate-lesson-in-pci-compliance-in-boston-data-breach\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.otava.com\/blog\/hipaa-knowledgeable-groups-get-unfortunate-lesson-in-pci-compliance-in-boston-data-breach\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.otava.com\/blog\/hipaa-knowledgeable-groups-get-unfortunate-lesson-in-pci-compliance-in-boston-data-breach\/#primaryimage\",\"url\":\"https:\/\/otava.test\/wp-content\/uploads\/2019\/04\/creditcard.png\",\"contentUrl\":\"https:\/\/otava.test\/wp-content\/uploads\/2019\/04\/creditcard.png\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.otava.com\/blog\/hipaa-knowledgeable-groups-get-unfortunate-lesson-in-pci-compliance-in-boston-data-breach\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.otava.com\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"HIPAA-Knowledgeable Groups Get Unfortunate Lesson in PCI Compliance in Boston Data Breach\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.otava.com\/#website\",\"url\":\"https:\/\/www.otava.com\/\",\"name\":\"OTAVA\u00ae\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\/\/www.otava.com\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.otava.com\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.otava.com\/#organization\",\"name\":\"OTAVA\u00ae\",\"url\":\"https:\/\/www.otava.com\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.otava.com\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.otava.com\/wp-content\/uploads\/2025\/03\/otava-logo.svg\",\"contentUrl\":\"https:\/\/www.otava.com\/wp-content\/uploads\/2025\/03\/otava-logo.svg\",\"caption\":\"OTAVA\u00ae\"},\"image\":{\"@id\":\"https:\/\/www.otava.com\/#\/schema\/logo\/image\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.otava.com\/#\/schema\/person\/35774075f8f4fcdd4eae80cb72034263\",\"name\":\"Irma Brillantes\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/secure.gravatar.com\/avatar\/d5251bebc1699793a698d1a6158603cb3cdc50a095a12357e42d415b3e5546c2?s=96&d=mm&r=g\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/d5251bebc1699793a698d1a6158603cb3cdc50a095a12357e42d415b3e5546c2?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/d5251bebc1699793a698d1a6158603cb3cdc50a095a12357e42d415b3e5546c2?s=96&d=mm&r=g\",\"caption\":\"Irma Brillantes\"},\"url\":\"https:\/\/www.otava.com\/blog\/author\/ibrillantesotava-com\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"HIPAA-Knowledgeable Groups Get Unfortunate Lesson in PCI Compliance in Boston Data Breach | OTAVA","description":"Healthcare organizations would be wise to remember that they may not only need to be HIPAA compliant but also compliant with other regulations such as PCI.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.otava.com\/blog\/hipaa-knowledgeable-groups-get-unfortunate-lesson-in-pci-compliance-in-boston-data-breach\/","og_locale":"en_US","og_type":"article","og_title":"HIPAA-Knowledgeable Groups Get Unfortunate Lesson in PCI Compliance in Boston Data Breach","og_description":"Healthcare organizations would be wise to remember that they may not only need to be HIPAA compliant but also compliant with other regulations such as PCI.","og_url":"https:\/\/www.otava.com\/blog\/hipaa-knowledgeable-groups-get-unfortunate-lesson-in-pci-compliance-in-boston-data-breach\/","og_site_name":"OTAVA","article_published_time":"2013-12-11T00:00:00+00:00","og_image":[{"url":"https:\/\/otava.test\/wp-content\/uploads\/2019\/04\/creditcard.png","type":"","width":"","height":""}],"author":"Irma Brillantes","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Irma Brillantes","Est. reading time":"1 minute"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.otava.com\/blog\/hipaa-knowledgeable-groups-get-unfortunate-lesson-in-pci-compliance-in-boston-data-breach\/#article","isPartOf":{"@id":"https:\/\/www.otava.com\/blog\/hipaa-knowledgeable-groups-get-unfortunate-lesson-in-pci-compliance-in-boston-data-breach\/"},"author":{"name":"Irma Brillantes","@id":"https:\/\/www.otava.com\/#\/schema\/person\/35774075f8f4fcdd4eae80cb72034263"},"headline":"HIPAA-Knowledgeable Groups Get Unfortunate Lesson in PCI Compliance in Boston Data Breach","datePublished":"2013-12-11T00:00:00+00:00","mainEntityOfPage":{"@id":"https:\/\/www.otava.com\/blog\/hipaa-knowledgeable-groups-get-unfortunate-lesson-in-pci-compliance-in-boston-data-breach\/"},"wordCount":308,"commentCount":0,"publisher":{"@id":"https:\/\/www.otava.com\/#organization"},"image":{"@id":"https:\/\/www.otava.com\/blog\/hipaa-knowledgeable-groups-get-unfortunate-lesson-in-pci-compliance-in-boston-data-breach\/#primaryimage"},"thumbnailUrl":"https:\/\/otava.test\/wp-content\/uploads\/2019\/04\/creditcard.png","inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.otava.com\/blog\/hipaa-knowledgeable-groups-get-unfortunate-lesson-in-pci-compliance-in-boston-data-breach\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.otava.com\/blog\/hipaa-knowledgeable-groups-get-unfortunate-lesson-in-pci-compliance-in-boston-data-breach\/","url":"https:\/\/www.otava.com\/blog\/hipaa-knowledgeable-groups-get-unfortunate-lesson-in-pci-compliance-in-boston-data-breach\/","name":"HIPAA-Knowledgeable Groups Get Unfortunate Lesson in PCI Compliance in Boston Data Breach | OTAVA","isPartOf":{"@id":"https:\/\/www.otava.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.otava.com\/blog\/hipaa-knowledgeable-groups-get-unfortunate-lesson-in-pci-compliance-in-boston-data-breach\/#primaryimage"},"image":{"@id":"https:\/\/www.otava.com\/blog\/hipaa-knowledgeable-groups-get-unfortunate-lesson-in-pci-compliance-in-boston-data-breach\/#primaryimage"},"thumbnailUrl":"https:\/\/otava.test\/wp-content\/uploads\/2019\/04\/creditcard.png","datePublished":"2013-12-11T00:00:00+00:00","description":"Healthcare organizations would be wise to remember that they may not only need to be HIPAA compliant but also compliant with other regulations such as PCI.","breadcrumb":{"@id":"https:\/\/www.otava.com\/blog\/hipaa-knowledgeable-groups-get-unfortunate-lesson-in-pci-compliance-in-boston-data-breach\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.otava.com\/blog\/hipaa-knowledgeable-groups-get-unfortunate-lesson-in-pci-compliance-in-boston-data-breach\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.otava.com\/blog\/hipaa-knowledgeable-groups-get-unfortunate-lesson-in-pci-compliance-in-boston-data-breach\/#primaryimage","url":"https:\/\/otava.test\/wp-content\/uploads\/2019\/04\/creditcard.png","contentUrl":"https:\/\/otava.test\/wp-content\/uploads\/2019\/04\/creditcard.png"},{"@type":"BreadcrumbList","@id":"https:\/\/www.otava.com\/blog\/hipaa-knowledgeable-groups-get-unfortunate-lesson-in-pci-compliance-in-boston-data-breach\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.otava.com\/"},{"@type":"ListItem","position":2,"name":"HIPAA-Knowledgeable Groups Get Unfortunate Lesson in PCI Compliance in Boston Data Breach"}]},{"@type":"WebSite","@id":"https:\/\/www.otava.com\/#website","url":"https:\/\/www.otava.com\/","name":"OTAVA\u00ae","description":"","publisher":{"@id":"https:\/\/www.otava.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.otava.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.otava.com\/#organization","name":"OTAVA\u00ae","url":"https:\/\/www.otava.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.otava.com\/#\/schema\/logo\/image\/","url":"https:\/\/www.otava.com\/wp-content\/uploads\/2025\/03\/otava-logo.svg","contentUrl":"https:\/\/www.otava.com\/wp-content\/uploads\/2025\/03\/otava-logo.svg","caption":"OTAVA\u00ae"},"image":{"@id":"https:\/\/www.otava.com\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/www.otava.com\/#\/schema\/person\/35774075f8f4fcdd4eae80cb72034263","name":"Irma Brillantes","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/d5251bebc1699793a698d1a6158603cb3cdc50a095a12357e42d415b3e5546c2?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/d5251bebc1699793a698d1a6158603cb3cdc50a095a12357e42d415b3e5546c2?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/d5251bebc1699793a698d1a6158603cb3cdc50a095a12357e42d415b3e5546c2?s=96&d=mm&r=g","caption":"Irma Brillantes"},"url":"https:\/\/www.otava.com\/blog\/author\/ibrillantesotava-com\/"}]}},"_links":{"self":[{"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/posts\/2750","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/comments?post=2750"}],"version-history":[{"count":0,"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/posts\/2750\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/media?parent=2750"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/categories?post=2750"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/tags?post=2750"},{"taxonomy":"other_category","embeddable":true,"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/other_category?post=2750"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}