惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

B
Blog
Know Your Adversary
Know Your Adversary
博客园 - 叶小钗
雷峰网
雷峰网
大猫的无限游戏
大猫的无限游戏
M
MIT News - Artificial intelligence
量子位
A
About on SuperTechFans
The Register - Security
The Register - Security
F
Fortinet All Blogs
Microsoft Azure Blog
Microsoft Azure Blog
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
IT之家
IT之家
博客园 - 聂微东
Blog — PlanetScale
Blog — PlanetScale
Hugging Face - Blog
Hugging Face - Blog
J
Java Code Geeks
有赞技术团队
有赞技术团队
阮一峰的网络日志
阮一峰的网络日志
云风的 BLOG
云风的 BLOG
人人都是产品经理
人人都是产品经理
Hacker News: Ask HN
Hacker News: Ask HN
T
The Exploit Database - CXSecurity.com
Vercel News
Vercel News
Stack Overflow Blog
Stack Overflow Blog
D
Darknet – Hacking Tools, Hacker News & Cyber Security
博客园 - 司徒正美
NISL@THU
NISL@THU
V2EX - 技术
V2EX - 技术
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
Schneier on Security
Schneier on Security
博客园 - 三生石上(FineUI控件)
T
The Blog of Author Tim Ferriss
AWS News Blog
AWS News Blog
The GitHub Blog
The GitHub Blog
C
Cisco Blogs
T
Tenable Blog
酷 壳 – CoolShell
酷 壳 – CoolShell
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
C
Cyber Attacks, Cyber Crime and Cyber Security
V
Vulnerabilities – Threatpost
美团技术团队
L
LangChain Blog
Google DeepMind News
Google DeepMind News
腾讯CDC
P
Privacy International News Feed
Spread Privacy
Spread Privacy
D
DataBreaches.Net
Engineering at Meta
Engineering at Meta
S
Security @ Cisco Blogs

New Jersey Enacts New Restrictions on Health Care Facilities’ Use of Patient Data

HHS’ Office for Civil Rights Settles HIPAA Investigation of Health Care Software Company New Jersey Enacts New Restrictions on Health Care Facilities’ Use of Patient Data HHS OCR Settles HIPAA Security Rule Investigation with Top of the World Ranch Treatment Center for $103,000
New York Attorney General Reaches $500,000 Settlement with Orthopedics Practice Over 2023 Data Breach
2026-01-21 · via New Jersey Enacts New Restrictions on Health Care Facilities’ Use of Patient Data

New York Attorney General Reaches $500,000 Settlement with Orthopedics Practice Over 2023 Data Breach

New York Attorney General Letitia James recently announced a $500,000 settlement with New York orthopedics practice, OrthopedicsNY, LLP (“OrthoNY”), for allegedly failing to protect patient and employee information, in violation of applicable law. The New York Office of the Attorney General (“OAG”) investigated OrthoNY in connection with a 2023 data breach affecting the personal information of more than 650,000 patients and employees, including the Social Security numbers, driver’s license numbers, and passport numbers of approximately 110,000 individuals.

In addition to the $500,000 settlement, OrthoNY must provide affected individuals with one year of complimentary credit monitoring services. The settlement also requires OrthoNY to strengthen its data security measures, including by:

  • maintaining a comprehensive information security program that ensures safeguards are in place to protect the security, integrity and confidentiality of patients’ data;
  • establishing and implementing policies and procedures that appropriately limit access to patient and employee data;
  • implementing multi-factor authentication for remote access to its network;
  • encrypting patient and employee data that it collects, stores, transmits and maintains;
  • establishing and maintaining a system designed to monitor networks and systems for anomalous activity; and
  • conducting annual risk assessments to identify anticipated internal and external risks to the security, confidentiality or integrity of patient and employee data.

In the OAG’s press release, Attorney General James emphasized that, “Patients entrust their health care providers with their personal information, and providers must honor that trust by ensuring their systems are secure. OrthopedicsNY failed to do its due diligence to protect patients’ private information. No patient deserves to have their information exposed and my office will continue to enforce the law to protect New Yorkers’ personal data.”

This settlement underscores the OAG’s heightened focus on data security enforcement, building on recent actions against an ed tech provider, multiple auto insurers and a home security video camera company. The growing trend of state attorney general enforcement in this area highlights the importance of considering state data security requirements – alongside HIPAA – when handling patient data.