New York AG Announces Settlement with Medical Practice for Cyberattacks Compromising Medical Records
Click to Enlarge
Cybersecurity concerns continue to be a major nuisance for all healthcare providers, and physician practices should be particularly aware of the potential legal consequences. Last week, the New York Attorney General announced a $2.25 million settlement with a large medical practice relating to allegations of not maintaining reasonable safeguards to protect patient data and not adequately responding to the cyberattacks on its systems.
The cyberattacks on the medical practice took place within 10 days of each other and stolen information included patient names, address, date of birth, driver’s license number, social security number, diagnosis, conditions, lab results, medications, and other treatment information. The AG press release noted that the practice did not initially disclose to the state the exposure of a significant number of New York resident driver’s license numbers and that the practice’s data storage devices continued to host unprotected private information months after the two ransomware incidents occurred.
Read the full press release to learn more details about the cyberattack and settlement. MSSNY will continue to monitor this issue and share updates with members.
