New York Attorney General Laetitia James imposed a USD200,000 fine on a law firm retained by several hospitals that sustained a ransomware attack in 2021, The Record reports. The attorney general's office said New York City-based Heidell, Pittoni, Murphy & Bach maintained "poor data security" that exposed information, including health data, of roughly 114,000 individuals. According to the attorney general investigation, the hacker "exploited the firm’s Microsoft Exchange email server (by) taking advantage of a vulnerability that Microsoft had identified more than six months earlier."
28 March 2023
Law firm retained by hospitals fined after 2021 ransomware attack
Related stories
CPPA executive director offers window into agency's priorities
New state laws protect abuse survivors from misuse of vehicle connectivity
How a recent settlement represents a warning and relief for the adtech industry
Notes from the IAPP Canada: Privacy watchdogs — What the 2024–25 annual reports reveal
A view from DC: Competing Republican visions for tech policy in the 119th Congress
