Attorney General James Secures $500,000 from Capital Region Health Care Provider for Failing to Protect Patients' Information - DataBreaches.Net

Attorney General James Secures $500,000 from Capital Region Health Care Provider for Failing to Protect Patients' Information - DataBreaches.Net

Briefly

"NEW YORK - New York Attorney General Letitia James today announced that her office has secured $500,000 in penalties from OrthopedicsNY, LLP (OrthopedicsNY) for failing to protect patients' private information. OrthopedicsNY is an orthopedics medicine and surgery practice that operates clinics and surgery centers across the Capital Region. An investigation by the Office of the Attorney General (OAG) found that cyber-attackers were able to steal patient data because the health care practice did not properly protect its systems, exposing the information of more than 650,000 patients and employees."

""Patients entrust their health care providers with their personal information, and providers must honor that trust by ensuring their systems are secure," said Attorney General James. "OrthopedicsNY failed to do its due diligence to protect patients' private information. No patient deserves to have their information exposed and my office will continue to enforce the law to protect New Yorkers' personal data.""

"In 2023, attackers were able to gain remote access to OrthopedicsNY's network using compromised login information. The attackers then downloaded unencrypted files containing sensitive private personal and health care information of approximately 656,000 individuals, including the social security numbers, driver's license numbers, or passport numbers for approximately 110,000 individuals."