AG James today announced that her office has secured $500,000 in penalties from OrthopedicsNY, LLP (OrthopedicsNY) for failing to protect patients’ private information. OrthopedicsNY is an orthopedics medicine and surgery practice that operates clinics and surgery centers across the Capital Region. An investigation by the Office of the Attorney General (OAG) found that cyber-attackers were able to steal patient data because the health care practice did not properly protect its systems, exposing the information of more than 650,000 patients and employees. Today’s settlement requires OrthopedicsNY to pay $500,000 in penalties and significantly strengthen its data security to secure patient data. Impacted patients and employees were each offered one year of free credit score monitoring funded by OrthopedicsNY to protect against fraud. 

“Patients entrust their health care providers with their personal information, and providers must honor that trust by ensuring their systems are secure. OrthopedicsNY failed to do its due diligence to protect patients’ private information. No patient deserves to have their information exposed and my office will continue to enforce the law to protect New Yorkers’ personal data.” – AG James