HACKER PENETRATED FIREWALL AND ACCESSED DATA OF SOME 1.2 MILLION PATIENTS
The New York State Attorney General’s Office announced at the end of May that it had reached a settlement with a medical management company known as Professional Business Systems, Inc., d/b/a/ Practicefirst Medical Management Solutions and PBS Medcode Corp. (Practicefirst), for failing to adequately safeguard patient personal-health records and other information in its custody and control.
Apparently, in November 2020, a hacker exploited a vulnerability in Practicefirst’s firewall and gained access to the company’s systems, resulting in the unauthorized transfer of some 79,000 files which are said to have contained “dates of birth, driver’s license numbers, social security numbers, diagnoses, medication information, and financial information for over 1.2 million patients of Practicefirst clients, including over 428,000 New Yorkers.”
In a settlement agreement reached with the A.G., Practicefirst has agreed to pay $550,000 in penalties and will offer free credit-monitoring services to those impacted. Additionally, the company has agreed to revamp its data retention and cybersecurity practices.
In a written statement, Attorney General James observed, “When a person is seeking medical care, their last concern should be the security of their personal information ….. Each and every company charged with maintaining and handling patient data should take their responsibility to protect personal information, particularly health records, seriously. New Yorkers can trust that when companies fail at their duty, my office will step in to hold them accountable.”
Hopefully, practice will make this Practicefirst perfect?
# # #
ASSURANCE OF DISCONTINUANCE (detailing particulars)