More than 92,500 patients of Western New York medical provider Windsong Radiology had their personal and medical information exposed in late 2021 as part of a data breach that hit one of the company’s service providers.
That provider, US Radiology Specialists, has agreed to pay $450,000 in penalties to New York in a settlement announced Wednesday by Attorney General Letitia James.
“When patients visit a medical facility, they deserve confidence in knowing that their personal information will not be compromised when they are receiving care,” James said in a statement.
US Radiology is one of the country’s largest private radiology groups and provides managed services for partner companies such as Windsong Radiology, which has six offices across Western New York. Windsong, according to the attorney general’s settlement, relies on US Radiology for various services related to network management and protection. US Radiology announced its partnership with Windsong in December 2020.
In a statement, US Radiology said it previously notified affected individuals and regulators about the data security incident that impacted Windsong Radiology.
“Since learning of the incident in 2021, US Radiology has implemented additional data security enhancements and continues to improve our technology and processes to protect IT infrastructure,” the group said. “Comprehensive data security incident investigations and cooperation with regulatory authorities can be lengthy procedures. As part of the regulatory response to the 2021 incident, US Radiology has entered into a voluntary settlement agreement with the New York Attorney General.”
With the settlement, US Radiology said it is “pleased to resolve this matter and remains committed to protecting patient, provider, and employee data.”
To protect its networks and those of its partner companies, US Radiology deployed a firewall sold by SonicWall, which on Jan. 22, 2021, published a…
Read the full article here