NY AG: Refuah must invest $1.2M to secure patient records after cyberattack

Nancy Cutler, Rockland/Westchester Journal News

January 9, 2024 at 3:01 AM·2 min read

The New York State Attorney General's Office has hit health provider Refuah with fines and demands that it update the way it protects patient records after a 2021 ransomware attack exposed the personal information of some 250,000 people who had used the federally qualified health centers.

An assurance, or agreement, with Refuah was reached Dec. 29.

Refuah's main health center is in Spring Valley, with offices in Spring Valley/Monsey, Hillcrest/Nanuet, South Fallsburg and Liberty. Mobile units also serve the Hudson Valley region.

What Refuah will do

Refuah has agreed to invest $1.2 million to develop and maintain stronger information security programs to better protect patient data.

Refuah is also required to pay $450,000 in penalties and costs to the state, with $100,000 of that to be suspended when the company security program investment is complete.

Refuah Health Center on North Main in Spring Valley, on Monday, Jan. 8, 2024.

Further security measures include encrypting patient information and monitoring all activity on the company's networks.

Refuah notified former and current patients of the breach, according to an April 29, 2022 statement, and offered credit monitoring for those whose Social Security numbers may have been impacted.

"Over the next four years, RefuahHealth will make a meaningful investment in our cybersecurity," spokesperson Amanda Salzman said Monday. "We remain committed to maintaining the privacy of personal and protected health information in our possession."

How the leak happened

The AG's Office pointed to how Refuah’s poor data security fed the ability of hackers to launch their scheme in May 2021.

The attackers were able to gain remote access by getting ahold of administrative credentials associated with a Refuah account used by a former IT vendor. Even though the vendor hadn't worked with Refuah since 2014, according to the AG's Bureau of Internet and Technology investigation, the account used by the vendor hadn't been deleted or disabled.

In fact, the credentials had not been changed for at least 11 years, the AG reported.

By the time the time the hack was discovered, on June 1, 2021, about a terabyte of data was accessed, the AG report states. But Refuah didn't have the technology in place to identify what files had been taken.

This article originally appeared on Rockland/Westchester Journal News: Refuah clinic ransomware attack: NY Attorney General issues fines

Yahoo Sports
Former MLB infielder, Little League World Series star Sean Burroughs dies at 43
The seven-year major leaguer collapsed while coaching his son's Little League game on Thursday.
Yahoo Sports
The best RBs for 2024 fantasy football, according to our experts
The Yahoo Fantasy football analysts reveal their first running back rankings for the 2024 NFL season.
Yahoo Sports
Juan Soto’s unapologetic intensity and showmanship are captivating the Bronx and rubbing off on teammates: ‘Literally every pitch is theater’
The 2024 Yankees have rediscovered their bravado and hold the second-best record in the AL, thanks in large part to the superstar outfielder.
Yahoo Finance
The FDIC change that leaves wealthy bank depositors with less protection
Affluent Americans may want to double-check how much of their bank deposits are protected by government-backed insurance. The rules governing trust accounts just changed.
Yahoo Finance
How rich homebuyers are avoiding high mortgage rates
Homebuyers with means are turning to an old strategy to get around a new crop of high mortgage rates: all-cash deals.
Autoblog
Which pickup trucks get the best fuel economy? Here are the tops for gas mileage (or diesel)
Trucks aren't known for being fuel efficient, though times are changing. These are the trucks with the best gas mileage in various segments.
Yahoo Sports
Timberwolves coach Chris Finch calls Jamal Murray's heat-pack toss on court 'inexcusable and dangerous'
Murray made a bad night on the court worse during a moment of frustration on the bench.
Yahoo Sports
Dolphins owner Stephen Ross reportedly declined $10 billion for team, stadium and F1 race
The value of the Dolphins and Formula One racing is enormous.
Yahoo Sports
Tight end rankings for fantasy football 2024
The Yahoo Fantasy football analysts reveal their first tight end rankings for the 2024 NFL season.
Yahoo Sports
Golf’s moment of truth is here, and the sport is badly flailing
Nonexistent negotiations and missed opportunities for reconciliation between the PGA Tour and LIV Golf have the sport stuck in place.
Yahoo Finance
Bud Light sales still falling as Modelo, Coors fight to keep their gains
The competition among beer giants is still brewing.
Yahoo Finance
Former House Speaker Paul Ryan says he’s not voting for Trump : 'Character is too important'
Ryan says he would be writing in a Republican candidate instead of voting for Donald Trump.
Yahoo Sports
2024 Fantasy Football Mock Draft, 1.0
The Yahoo Fantasy football crew got together for their very first mock draft of 2024. Andy Behrens recaps the results.
Engadget
The best budgeting apps for 2024
Budgeting apps can help you keep track of your finances, stick to a spending plan and reach your money goals. These are the best budget-tracking apps available right now.
Yahoo Sports
Yahoo Fantasy staff's Mock Draft 1.0: Shocking picks are plentiful
Teams have made their big splashes in free agency and made their draft picks, it's time for you to do the same. It's fantasy football mock draft time. Some call this time of year best ball season, others know it's an opportunity to get a leg up on your competition for when you have to draft in August. The staff at Yahoo Fantasy did their first mock draft of the 2024 season to help you with the latter. Matt Harmon and Andy Behrens are here to break it all down by each round and crush some staff members in the process.
Yahoo Sports
Blockbuster May trade by Padres, MVP Ohtani has arrived, Willie Mays’ 93rd birthday & weekend recap
Jake Mintz & Jordan Shusterman discuss the Padres-Marlins trade that sent Luis Arraez to San Diego, as well as recap all the action from this weekend in baseball and send birthday wishes to hall-of-famer Willie Mays.
Yahoo Finance
Mortgage rates drop for the first time in five weeks with experts adjusting their forecasts
The average 30-year fixed mortgage rate edged back toward 7% this week but remains elevated, prompting housing experts to revise their forecasts for the rest of 2024.
Yahoo Sports
Caitlin Clark catches fire from 3 in WNBA preseason; Arike Ogunbowale's late heroics send Wings past Fever
Caitlin Clark’s WNBA preseason debut went much like her senior year at Iowa. She hit a bunch of 3s and did so in front of a sold-out crowd.
Yahoo Sports
Post-draft NFL fantasy power rankings: Offenses we love, like and want to stay away from
With free agency and the draft behind us, what 32 teams look like today will likely be what they look like Week 1 and beyond for the 2024 season. Matt Harmon and Scott Pianowski reveal the post-draft fantasy power rankings. The duo break down the rankings in six tiers: Elite offensive ecosystems, teams on the cusp of being complete mixed bag ecosystems, offensive ecosystems with something to prove, offenses that could go either way, and offenses that are best to stay away from in fantasy.
Yahoo Sports
Please save 'Inside the NBA'
Appreciate 'Inside the NBA' while it's still here, because if this goes away, there may never be anything as good again.

News

Life

Entertainment

Finance

Sports

New on Yahoo

NY AG: Refuah must invest $1.2M to secure patient records after cyberattack

What Refuah will do

How the leak happened

Recommended Stories

Former MLB infielder, Little League World Series star Sean Burroughs dies at 43

The best RBs for 2024 fantasy football, according to our experts

Juan Soto’s unapologetic intensity and showmanship are captivating the Bronx and rubbing off on teammates: ‘Literally every pitch is theater’

The FDIC change that leaves wealthy bank depositors with less protection

How rich homebuyers are avoiding high mortgage rates

Which pickup trucks get the best fuel economy? Here are the tops for gas mileage (or diesel)

Timberwolves coach Chris Finch calls Jamal Murray's heat-pack toss on court 'inexcusable and dangerous'

Dolphins owner Stephen Ross reportedly declined $10 billion for team, stadium and F1 race

Tight end rankings for fantasy football 2024

Golf’s moment of truth is here, and the sport is badly flailing

Bud Light sales still falling as Modelo, Coors fight to keep their gains

Former House Speaker Paul Ryan says he’s not voting for Trump : 'Character is too important'

2024 Fantasy Football Mock Draft, 1.0

The best budgeting apps for 2024

Yahoo Fantasy staff's Mock Draft 1.0: Shocking picks are plentiful

Blockbuster May trade by Padres, MVP Ohtani has arrived, Willie Mays’ 93rd birthday & weekend recap

Mortgage rates drop for the first time in five weeks with experts adjusting their forecasts

Caitlin Clark catches fire from 3 in WNBA preseason; Arike Ogunbowale's late heroics send Wings past Fever

Post-draft NFL fantasy power rankings: Offenses we love, like and want to stay away from

Please save 'Inside the NBA'