Penalty Amount
$450,000
Consumers Affected
250,000
Refuah Health Center, Inc. failed to implement adequate data security measures, leading to a ransomware attack that compromised the personal and health information of approximately 250,000 New Yorkers. The New York Attorney General reached a settlement requiring Refuah to invest $1.2 million in cybersecurity improvements and pay $450,000 in penalties.
Refuah must invest $1.2 million to develop and maintain stronger information security programs, implement policies for data access, use multi-factor authentication, rotate credentials, conduct semi-annual audits, encrypt all consumer information, monitor network activity, and maintain an incident response plan. Additionally, Refuah must pay $450,000 in penalties and costs, with $100,000 suspended upon spending the $1.2 million.
Entity
Refuah Health Center, Inc.
Also known as: Refuah Health Center
Industry
HealthcareOfficial Press Release
https://ag.ny.gov/press-release/2024/attorney-general-james-reaches-agreement-hudson-valley-health-care-provider
234333689905 l ;!!Ke5ujdWW74OM!8X4rI5 kjU9sT4qUzCgDvY1BmT VY
https://urldefense.com/v3/__https:/lnks.gd/l/eyJhbGciOiJIUzI1NiJ9.eyJidWxsZXRpbl9saW5rX2lkIjoxMDAsInVyaSI6ImJwMjpjbGljayIsInVybCI6Imh0dHBzOi8vYWcubnkuZ292L3NpdGVzL2RlZmF1bHQvZmlsZXMvc2V0dGxlbWVudHMtYWdyZWVtZW50cy9yZWZ1YWgtYW9kLnBkZiIsImJ1bGxldGluX2lkIjoiMjAyNDAxMDUuODgwNTMxOTEifQ.gcJhBDRQpWffjlBV0hxi4SvENil-rBLL9JNIdG4MgBc/s/959752070/br/234333689905-l__;!!Ke5ujdWW74OM!8X4rI5_kjU9sT4qUzCgDvY1BmT-VYUv8vvUuAxj1F_jMrzpyNK8RIx_bYHI-S2UjqLFaoXMTQEZIvmK9FvqTeFXzAjewn2tm00O-R76g$
New York Attorney General Enforcement Page
https://ag.ny.gov/press-releases
New York Attorney General Letitia James, joined by 16 other states, sued the U.S. Department of Education over a new survey requiring colleges to submit extensive student data, arguing it violates the Administrative Procedure Act and threatens student privacy. The lawsuit seeks to block the mandate and prevent penalties for non-compliance.
New York Attorney General Letitia James sent a letter to Instacart demanding information about its algorithmic pricing practices after a study revealed significant price differences for the same products. The AG warns that Instacart may be violating the New York Algorithmic Pricing Disclosure Act by failing to clearly disclose the use of personal data for price setting.
$500K
New York Attorney General Letitia James secured a $500,000 settlement from OrthopedicsNY, LLP for failing to implement reasonable data security practices, which led to a cyber-attack stealing sensitive personal and health information of over 650,000 patients and employees. The settlement imposes penalties, requires funding for credit monitoring, and mandates enhanced security measures including multi-factor authentication and encryption.
$5.1M
Illuminate Education, Inc. experienced a data breach in 2022 that exposed personal information of millions of students due to inadequate security measures. A multistate investigation by New York, California, and Connecticut Attorneys General resulted in a $5.1 million settlement requiring Illuminate to enhance cybersecurity practices and pay penalties.
$60K
New York Attorney General Letitia James announced a settlement with accounting firm Wojeski & Company for failing to secure customer data, resulting in two data breaches that exposed personal information of over 4,700 New Yorkers. The firm delayed breach notification for over a year and had unauthorized employee access to data, leading to a $60,000 penalty and mandatory cybersecurity improvements.
$14.2M
New York Attorney General Letitia James secured $14.2 million in settlements from eight car insurance companies for failing to protect consumers' personal information. The companies' inadequate cybersecurity allowed hackers to steal driver's license numbers and other data through online quoting tools, impacting over 825,000 New Yorkers. The settlements require the companies to pay penalties and implement enhanced data security measures.