New York clinic agrees to $1.2M investment, $450K fine in wake of ransomware attack

The New York attorney general has reached a settlement agreement with Refuah Health Center regarding a 2021 ransomware attack. 

According to a Jan. 8 report from Gov Info Security, the Spring Valley, N.Y.-based clinic must pay at least $350,000 in a settlement, and an additional $100,000 charge is pending if cybersecurity is not strengthened. 

To reinforce current cybersecurity measures, Refuah committed to spending $1.2 million on information security measures from 2024 to 2028.

These fines come after the AG's office investigated the theft of between 195,000-234,000 patient files. According to the settlement agreement, Refuah neglected to change login credentials for 11 years, which allegedly exposed them to a cyberattack.

As part of increased security measures, Refuah must appoint an employee to execute and sustain the chosen information security program. This person will be responsible for ensuring that a breach like this is unlikely to happen again.

Copyright © 2024 Becker's Healthcare. All Rights Reserved. Privacy Policy. Cookie Policy. Linking and Reprinting Policy.

 

Featured Whitepapers

Featured Webinars