ALBANY, N.Y. (NEWS10) — An orthopedic center with several locations in the Capital Region faces a $500,000 fine for failing to protect patient information. The New York Attorney General, Letitia James, said an investigation into Orthopedics NY LLP found the orthopedic medicine and surgery center failed to adequately protect its systems, exposing the personal information of more than 650,000 patients and employees.
Get the latest news, weather, sports and entertainment delivered right to your inbox!
The AG’s office said cyberattackers gained remote access to OrthopedicsNY’s patient data in 2023 by using compromised login credentials. The attackers downloaded unencrypted files containing Social Security, driver’s license, and passport numbers for roughly 110,000 people, officials reported.
“Patients entrust their health care providers with their personal information, and providers must honor that trust by ensuring their systems are secure,” Attorney General James said. “OrthopedicsNY failed to do its due diligence to protect patients’ private information. No patient deserves to have their information exposed, and my office will continue to enforce the law to protect New Yorkers’ personal data.”
In addition to the $500,000 fine, OrthopedicsNY will provide a year of credit monitoring for all individuals affected by the data breach. They will also be expected to enhance patient information protection, implement multi-factor authentication for remote network access, and conduct annual risk assessments to identify internal and external security risks…