OrthopedicsNY Fined $500K for Patient Data Breach

New York Attorney General Letitia James has penalized OrthopedicsNY, LLP (OrthopedicsNY) with a $500,000 fine for failing to secure patient information. The Capital Region health care provider’s negligence allowed cyber-attackers to steal data from over 650,000 patients and employees.

James’ office discovered that OrthopedicsNY’s systems were inadequately protected, leading to the compromise of sensitive personal and medical records. Impacted individuals are being offered a year of free credit score monitoring.

In 2023, attackers exploited login credentials to gain remote access to OrthopedicsNY’s network. They downloaded unencrypted files containing information such as social security numbers and driver’s license details for nearly 110,000 patients.

The Office of the Attorney General (OAG) found that OrthopedicsNY had not implemented reasonable data security practices prior to the breach. The health care provider is now required to enhance its data protection measures significantly, including using multifactor authentication, encrypting sensitive data, and conducting regular risk assessments.

OrthopedicsNY will fund credit monitoring services for affected patients and employees. Today’s penalty follows James’ recent actions against Illuminate Education and eight car insurance companies, where she secured substantial fines for data breaches.

The Attorney General emphasized the importance of trust between patients and health care providers. ‘Patients entrust their health care providers with their personal information, and providers must honor that trust,’ she stated.
