No X-Ray Vision Necessary for this Security Breach

  • New York AG Letitia James settled with US Radiology Specialists, Inc. to resolve allegations that the private radiology group violated New York’s Executive Law and General Business Law by failing to adequately protect patients’ personal health information (PHI) and private information (PI).
  • AG James alleges that US Radiology failed to quickly update its firewall after being informed of a known vulnerability by its firewall provider. A threat actor subsequently breached US Radiology’s firewall and gained access to the PHI and PI of nearly 200,000 patients.
  • The settlement requires US Radiology to pay $450,000 in civil penalties, attorneys’ fees, and costs, and adopt additional data safeguards including ensuring its IT infrastructure is updated and encrypting patient information.