惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

Simon Willison's Weblog
Simon Willison's Weblog
P
Privacy International News Feed
www.infosecurity-magazine.com
www.infosecurity-magazine.com
T
Troy Hunt's Blog
Hacker News - Newest:
Hacker News - Newest: "LLM"
Attack and Defense Labs
Attack and Defense Labs
S
Secure Thoughts
V2EX - 技术
V2EX - 技术
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
O
OpenAI News
Cloudbric
Cloudbric
Google Online Security Blog
Google Online Security Blog
Schneier on Security
Schneier on Security
cs.CV updates on arXiv.org
cs.CV updates on arXiv.org
Help Net Security
Help Net Security
Cyberwarzone
Cyberwarzone
G
GRAHAM CLULEY
L
Lohrmann on Cybersecurity
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
Spread Privacy
Spread Privacy
NISL@THU
NISL@THU
N
News and Events Feed by Topic
T
Tenable Blog
S
Security @ Cisco Blogs
N
News and Events Feed by Topic
The Hacker News
The Hacker News
C
CXSECURITY Database RSS Feed - CXSecurity.com
宝玉的分享
宝玉的分享
月光博客
月光博客
酷 壳 – CoolShell
酷 壳 – CoolShell
美团技术团队
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
Google DeepMind News
Google DeepMind News
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
T
Tailwind CSS Blog
V
Visual Studio Blog
P
Proofpoint News Feed
Webroot Blog
Webroot Blog
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
博客园 - 三生石上(FineUI控件)
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
Jina AI
Jina AI
雷峰网
雷峰网
T
The Blog of Author Tim Ferriss
Hugging Face - Blog
Hugging Face - Blog
腾讯CDC
L
LangChain Blog
The Register - Security
The Register - Security
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
博客园 - 聂微东

South Dakota Enacts Genetic Data Privacy Act

HHS’ Office for Civil Rights Settles HIPAA Investigation of Health Care Software Company New Jersey Enacts New Restrictions on Health Care Facilities’ Use of Patient Data South Dakota Enacts Genetic Data Privacy Act HHS OCR Settles HIPAA Security Rule Investigation with Top of the World Ranch Treatment Center for $103,000
New York Attorney General Reaches $500,000 Settlement with Orthopedics Practice Over 2023 Data Breach
2026-01-21 · via South Dakota Enacts Genetic Data Privacy Act

New York Attorney General Reaches $500,000 Settlement with Orthopedics Practice Over 2023 Data Breach

New York Attorney General Letitia James recently announced a $500,000 settlement with New York orthopedics practice, OrthopedicsNY, LLP (“OrthoNY”), for allegedly failing to protect patient and employee information, in violation of applicable law. The New York Office of the Attorney General (“OAG”) investigated OrthoNY in connection with a 2023 data breach affecting the personal information of more than 650,000 patients and employees, including the Social Security numbers, driver’s license numbers, and passport numbers of approximately 110,000 individuals.

In addition to the $500,000 settlement, OrthoNY must provide affected individuals with one year of complimentary credit monitoring services. The settlement also requires OrthoNY to strengthen its data security measures, including by:

  • maintaining a comprehensive information security program that ensures safeguards are in place to protect the security, integrity and confidentiality of patients’ data;
  • establishing and implementing policies and procedures that appropriately limit access to patient and employee data;
  • implementing multi-factor authentication for remote access to its network;
  • encrypting patient and employee data that it collects, stores, transmits and maintains;
  • establishing and maintaining a system designed to monitor networks and systems for anomalous activity; and
  • conducting annual risk assessments to identify anticipated internal and external risks to the security, confidentiality or integrity of patient and employee data.

In the OAG’s press release, Attorney General James emphasized that, “Patients entrust their health care providers with their personal information, and providers must honor that trust by ensuring their systems are secure. OrthopedicsNY failed to do its due diligence to protect patients’ private information. No patient deserves to have their information exposed and my office will continue to enforce the law to protect New Yorkers’ personal data.”

This settlement underscores the OAG’s heightened focus on data security enforcement, building on recent actions against an ed tech provider, multiple auto insurers and a home security video camera company. The growing trend of state attorney general enforcement in this area highlights the importance of considering state data security requirements – alongside HIPAA – when handling patient data.