US Radiology Specialists will pay $450,000 in for failing to protect the personal and health care data of patients, according to New York Attorney General Letitia James.
An investigation found that US Radiology did not prioritize upgrading its hardware, which left its network exposed to a known vulnerability and led to a ransomware attack that affected more than 92,000 New Yorkers, James said, in an announcement.
“In the face of increasing cyberattacks and more sophisticated scams to steal private data, I urge all companies to make necessary upgrades and security fixes to their computer hardware and systems,” she stated.
In December 2021, a hacker gained access to US Radiology’s network and stole the personal and health information of 198,260 patients, including the data of 92,540 New Yorkers. The stolen information included names, dates of birth, social security numbers, driver’s license numbers, passport numbers, patient IDs, dates of service, provider names, types of radiology exams, diagnoses, and/or health insurance ID numbers.
The investigation concluded that US Radiology had failed to adopt reasonable data security practices to protect patients’ personal information by failing to protect its firewall from a known vulnerability.
US Radiology has agreed to pay $450,000 in penalties to New York, update its IT infrastructure, properly secure its networks, and update its data security policies, James added.