The New York attorney general has reached a settlement agreement with Refuah Health Center regarding a 2021 ransomware attack.
According to a Jan. 8 report from Gov Info Security, the Spring Valley, N.Y.-based clinic must pay at least $350,000 in a settlement, and an additional $100,000 charge is pending if cybersecurity is not strengthened.
To reinforce current cybersecurity measures, Refuah committed to spending $1.2 million on information security measures from 2024 to 2028.
These fines come after the AG's office investigated the theft of between 195,000-234,000 patient files. According to the settlement agreement, Refuah neglected to change login credentials for 11 years, which allegedly exposed them to a cyberattack.
As part of increased security measures, Refuah must appoint an employee to execute and sustain the chosen information security program. This person will be responsible for ensuring that a breach like this is unlikely to happen again.