Attorney General Letitia James once again makes headlines with a substantial legal settlement involving a data breach, yet the public remains largely unaffected. Despite her persistent efforts in securing financial penalties from companies for data breaches, they continue to happen regularly.
Photo: Ted Shaffrey/AP
Attorney General Letitia James announced a $300,000 settlement with The NewYork-Presbyterian Hospital (NYP) for its failure to safeguard patient data. The settlement follows an investigation by the Office of the Attorney General (OAG) into the hospital’s use of tracking tools on its website that disclosed visitors’ health information to third-party tech companies.
The investigation revealed that when visitors used NYP’s website to search for doctors or book appointments, their private health information was collected and shared, breaching the Health Insurance Portability and Accountability Act (HIPAA). As part of the settlement, NYP agreed to implement new policies, ensure the deletion of protected health information, and maintain enhanced privacy safeguards.
“New Yorkers searching for a doctor or medical help should be able to do so without their private information being compromised,” said Attorney General James, who has taken similar action against several entities for data breaches, including US Radiology, Personal Touch, cloud company Blackbaud, Marymount Manhattan College, and a medical management company.
In October 2022, Attorney General James announced a $1.9 million agreement with SHEIN and Zoetop for mishandling a data breach.
NewYork-Presbyterian Hospital, with 10 hospitals across New York City and the metropolitan area, had not adequately reviewed third-party tracking tools used on its website for policy or legal violations. Between June 2016 and June 2022, NYP employed these tools for marketing purposes, inadvertently sharing user data, including health conditions, with third-party companies.
For instance, if a user…
Read the full article here
Leave a Reply