ARTICLE
19 November 2024

New York AG Settles EnforcemENT Action With ENT

SM
Sheppard Mullin Richter & Hampton

Contributor

Sheppard Mullin is a full service Global 100 firm with over 1,000 attorneys in 16 offices located in the United States, Europe and Asia. Since 1927, companies have turned to Sheppard Mullin to handle corporate and technology matters, high stakes litigation and complex financial transactions. In the US, the firm’s clients include more than half of the Fortune 100.
The New York Attorney General's Office recently settled with Albany ENT & Allergy Services over claims that the healthcare provider failed to protect over 200,000 consumers' private health information.
United States New York Privacy

Listen to this post

The New York Attorney General's Office recently settled with Albany ENT & Allergy Services over claims that the healthcare provider failed to protect over 200,000 consumers' private health information. The claims stem from two ransomware attacks in 2023. The AG argued that the company had violated New York's data security law, resulting in the incident. As part of the settlement, Albany ENT agreed to pay $2.75 million in civil penalties and to implement additional security measures.

Among other things, the company has agreed to the following:

  • Maintain a comprehensive Information Security Program that includes sufficient measures to protect personal information.
  • Appoint personnel responsible for monitoring the information security program.
  • Get annual third-party assessments of its security practices and the effectiveness of the program.
  • Implement additional security measures, including multifactor authentication on devices that remotely access data and installing critical security updates in a timely manner.
  • Implement oversights for data security vendors.
  • Have a written Incident Response plan with internal procedures if there is a reasonable suspicion of a breach.

Putting it Into Practice: As we'veseenbefore, conducting business without essential safeguards to PI is the easiest way to find your company in trouble with regulators. This settlement should remind businesses to proactively assess their comprehensive information security program and practices for compliance.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

Mondaq uses cookies on this website. By using our website you agree to our use of cookies as set out in our Privacy Policy.

Learn More