Incident Details
Personal Touch Holding Corporation settled a lawsuit with the NY Attorney General after a 2021 ransomware incident that compromised the personal and medical information of approximately 316,845 New Yorkers.
Incident
How Did the Breach Happen?
In January 2021, a Personal Touch employee opened a malware-infected file attached to a phishing email, allowing a hacker to access the network and collect patient and employee records from an unencrypted server.
What Data has been Compromised?
The compromised data included names, addresses, Social Security numbers, medical treatments, financial information, and other confidential personal and health information of thousands of people.
Why Did the company's Security Measures Fail?
Personal Touch failed to maintain reasonable data security safeguards, had poor security training, inadequate access controls, lacked continuous monitoring, and did not encrypt personal and medical data.
What Immediate Impact Did the Breach Have on the company?
The breach led to a $350,000 penalty, the need to update and improve cybersecurity infrastructure, and the provision of free credit monitoring and identity theft services to affected individuals.
How could this have been prevented?
- Conduct regular security training for staff members
- Implement strong access controls and continuous monitoring systems
- Encrypt all personal and medical data to protect confidentiality
What have we learned from this data breach?
- Importance of maintaining robust data security safeguards
- Need for encryption of sensitive personal and medical information
- Significance of continuous security training for employees
Summary of Coverage
Personal Touch Holding settled a lawsuit with the NY Attorney General after a ransomware attack compromised the personal and medical information of over 300,000 individuals. The breach highlighted the company's inadequate security measures and the importance of data protection.