OrthopedicsNY to pay 500000 for failing to protect private data of over 650000 patients

pNowpp35ppSunpp38ppMonpp34ppby Felix DayppppNew York WRGB New York Attorney General Letitia James announced that her office has secured 500000 in penalties from OrthopedicsNY LLP a Capital Region health care provider after an investigation found the practice failed to properly protect patients private informationppOrthopedicsNY operates orthopedic clinics and surgery centers across the Capital Region According to the Office of the Attorney General OAG cyberattackers were able to access the companys network in 2023 using compromised login credentials and steal unencrypted patient data exposing the personal and health information of more than 650000 patients and employees The stolen information included Social Security numbers drivers license numbers or passport numbers for approximately 110000 individualsppAttorney General James saidppThe settlement requires OrthopedicsNY to pay 500000 in penalties and costs and to offer one year of free credit monitoring to all affected patients and employees The credit monitoring will be fully funded by OrthopedicsNYppThe OAG investigation found that prior to the breach OrthopedicsNY failed to implement basic cybersecurity protections including multifactor authentication and data encryption As part of the agreement the company must now strengthen its data security practices includingppThe Office of the Attorney General said the settlement is part of James offices ongoing efforts to hold organizations accountable for failing to safeguard sensitive datapp 2026 Sinclair Incp