Latham-based OrthopedicsNY is paying $500,000 in penalties over failure to protect patient information related to a 2023 data breach, the New York Attorney General’s office said Dec. 26.
An investigation from the Office of the Attorney General found that cyber-attackers could steal patient data because the practice’s system wasn’t properly protected, according to a news release. The 2023 data breach affected more than 650,000 patients and employees.
The OAG’s settlement includes the $500,000 fine and requires the practice to “significantly strengthen its data security to secure patient data.” Data security measures will include annual risk assessments, encrypting patient and employee data and establishing a system to monitor networks for suspicious activity.
