Requiring Cybersecurity Resilience: A Lesson from New York Attorney General Letitia James
Michael Owens
Mayor of Mableton, GA | Senior Executive Leader | Cybersecurity Professional | Security Policy | National Security | International Speaker | Advisor | Board Member
I wanted to draw your attention to the recent strides made by New York Attorney General Letitia James in safeguarding the personal information of New Yorkers and the crucial implications for businesses, that aren't putting their best foot forward in building information security programs that meet their level of risk.
In the latest example of this, the Office of the New York State Attorney General (OAG) reached an agreement with Refuah Health Center following a ransomware attack in May 2021 that compromised the sensitive data of approximately 250,000 New Yorkers. The OAG found that Refuah Health Center failed to implement essential controls, such as encrypting patient information and using multi-factor authentication.
The aftermath of this attack led to a groundbreaking agreement, requiring Refuah to invest $1.2 million to improve its cybersecurity and data protection capabilities. Additionally, the healthcare provider is obligated to pay $450,000 in penalties and costs, with $100,000 suspended upon the completion of the enhancing their cybersecurity program.
This incident is not an isolated case. Attorney General James has been consistent in holding companies accountable for lapses in data security. Just last month, Healthplex, Inc., a dental insurance provider, was fined $400,000 for failing to safeguard consumers’ private information. Similarly, U.S. Radiology, Personal Touch, and Blackbaud faced penalties for compromising patient and user data.
Attorney General James' dedication to protecting personal information is evident in the various settlements reached throughout the past year. From securing investments in cybersecurity measures to releasing a comprehensive data security guide in April, her initiatives aim to create a robust defense against cyber threats. What AG James is requiring is what every company should already be doing if you are collecting, storing, accessing or transmitting protected data.
领英推荐
For all businesses, this should serve as a stark reminder of the urgency to elevate your cybersecurity and data protection programs. In an era where cyber threats are evolving, investing in robust security measures is not just a regulatory requirement but a fundamental responsibility toward clients, customers, and patients.
Let's learn from these cases and collectively work towards a more secure digital landscape. ?????
#Cybersecurity #DataProtection #NewYorkAG #DigitalSecurity #cyberdefense
Cyber Insurance | Getting Businesses Secured and Insured
8 个月??
Senior Project and Program Manager | IT Management, Strategic Leadership | PMP Certified | Product Management and Digital Transformations | Founder and Author, TJP Publications LLC
10 个月Nice share. Appreciate attention given to heighten awareness to the importance of cybersecurity and key responsibilities.
E-Commerce consultant (Adobe, Shopify, Bigcommerce) & Growth accelerator
10 个月Thanks for raising awareness about the importance of cybersecurity and the actions being taken by the New York Attorney General. It's crucial that companies take responsibility for protecting the personal information of their customers. Keep up the good work! ???????? #Cybersecurity #DataProtection #ransomware
Excellent approach. The delay to inform clients their personal data has been compromised needs shortened nationally. However, great step forward at the state level.