HealthAlliance, a Hudson Valley healthcare facility operator, was fined $550,000 by the New York State Attorney General for failing to secure the personal and medical information of over 240,000 New Yorkers. The healthcare facility's vulnerability led to a cyber-attack after it neglected to apply a critical patch notified by its vendor, resulting in a significant data breach compromising patient data.
TPRM report: https://scoringcyber.rankiteo.com/company/healthalliance-of-the-hudson-valley
"id": "hea000033125",
"linkid": "healthalliance-of-the-hudson-valley",
"type": "Breach",
"date": "12/2024",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': '240,000',
'industry': 'Healthcare',
'location': 'Hudson Valley',
'name': 'HealthAlliance',
'type': 'Healthcare Facility Operator'}],
'data_breach': {'number_of_records_exposed': '240,000',
'personally_identifiable_information': 'Yes',
'sensitivity_of_data': 'High',
'type_of_data_compromised': 'Personal and Medical '
'Information'},
'description': 'HealthAlliance, a Hudson Valley healthcare facility operator, '
'was fined $550,000 by the New York State Attorney General for '
'failing to secure the personal and medical information of '
"over 240,000 New Yorkers. The healthcare facility's "
'vulnerability led to a cyber-attack after it neglected to '
'apply a critical patch notified by its vendor, resulting in a '
'significant data breach compromising patient data.',
'impact': {'data_compromised': 'Personal and Medical Information',
'financial_loss': '$550,000',
'legal_liabilities': 'Fined by New York State Attorney General'},
'post_incident_analysis': {'root_causes': 'Failure to apply a critical patch'},
'regulatory_compliance': {'fines_imposed': '$550,000'},
'title': 'HealthAlliance Data Breach',
'type': 'Data Breach',
'vulnerability_exploited': 'Unpatched System'}