In a press release on December 9, the Office of the New York State Attorney General stated that New York Attorney General Letitia James secured $550,000 from the Hudson Valley Healthcare facility operator, HealthAlliance, for failing to protect the personal and medical Data of over 240,000 New Yorkers.
An investigation by the Office of the Attorney General (OAG) found that the healthcare facility did not address a weakness in its system that was raised by one of its vendors, leading to a cyber-attack that compromised the data of patients, the news brief detailed. "HealthAlliance is required to pay $550,000 in penalties and strengthen its data security practices."
A HealthAlliance vendor released a cybersecurity alert in July of 2023. While HealthAlliance was informed of the vulnerability, it could not apply the patch due to technical issues.
"No one should have to worry that when they seek medical care, they are putting their private information in the hands of scammers and hackers. Every company that is entrusted by New Yorkers with personal information, especially financial and medical data, must take necessary precautions to ensure their systems are not vulnerable to cyberattacks," Attorney General James said in a statement.
