• Home
  • cyber
  • Omni Healthcare: Tong calls for stronger data privacy laws in CT after rise in breaches
cyber Ransomware

Omni Healthcare: Tong calls for stronger data privacy laws in CT after rise in breaches

Jan 1, 2025 2 min read
Omni Healthcare: Tong calls for stronger data privacy laws in CT after rise in breaches

Connecticut AG Pushes for Stronger Data Privacy Laws After Surge in Breaches and Compliance Failures

Connecticut Attorney General William Tong announced plans to strengthen the state’s data privacy laws following the release of the 2025 enforcement report under the Connecticut Data Privacy Act (CTDPA), enacted in 2022. The report highlights a sharp rise in data breaches, compliance violations, and gaps in existing protections particularly for minors and emerging technologies.

In 2025 alone, the state received over 1,800 breach notifications, a record high, and issued 63 warning letters to companies failing to safeguard consumer data. Some cases resulted in multimillion-dollar settlements, while others remain under investigation. A notable enforcement action involved Omni Healthcare, which faced a $100,000 fine for delaying breach disclosure for 14 months after a January 2024 ransomware attack. The company did not report the incident until April 2025, violating state reporting requirements.

Tong emphasized that current exemptions in the CTDPA leave residents vulnerable, particularly as technologies like AI, geolocation tracking, and chatbots evolve faster than regulations. His office is prioritizing minors’ privacy, launching investigations into platforms accused of exposing children’s sensitive data to security risks. Research cited by State Senator James Maroney found that 75% of teenagers have interacted with companion chatbots an issue not addressed in the 2022 law.

Legislative proposals for the 2026 session aim to close these gaps, including stricter definitions of "sensitive data", new AI disclosure rules, and a standalone genetic data privacy law. The report also recommends narrowing the definition of "publicly available information" to ensure broader protections. Maroney, a co-chair of the general law committee, stressed the need for updates to account for unforeseen risks, such as chatbots and social media platforms targeting youth.

The findings underscore the CTDPA’s limitations in addressing modern threats, prompting calls for legislative action to align privacy protections with technological advancements.

Source: https://www.wshu.org/connecticut-news/2026-02-06/ct-stronger-data-privacy-laws-wiliiam-tong

OMNI Healthcare (dba The Trio Solution) cybersecurity rating report: https://www.rankiteo.com/company/omnihealthcare

"id": "OMN1770408863",
"linkid": "omnihealthcare",
"type": "Ransomware",
"date": "1/2025",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"
{'affected_entities': [{'industry': 'Healthcare',
                        'location': 'Connecticut, USA',
                        'name': 'Omni Healthcare',
                        'type': 'Healthcare'}],
 'attack_vector': 'Ransomware',
 'date_detected': '2024-01',
 'date_publicly_disclosed': '2025-04',
 'description': 'Omni Healthcare faced a $100,000 fine for delaying breach '
                'disclosure for 14 months after a January 2024 ransomware '
                'attack. The company did not report the incident until April '
                "2025, violating Connecticut's data breach reporting "
                'requirements under the CTDPA.',
 'impact': {'financial_loss': '$100,000 (fine)',
            'legal_liabilities': 'Violation of CTDPA reporting requirements'},
 'investigation_status': 'Under investigation (some cases)',
 'lessons_learned': 'Current data privacy laws, such as the CTDPA, have gaps '
                    'in addressing modern threats like AI, geolocation '
                    'tracking, and chatbots, particularly in protecting '
                    "minors' sensitive data.",
 'post_incident_analysis': {'root_causes': 'Delayed breach disclosure, '
                                           'compliance failures under CTDPA'},
 'recommendations': ["Strengthen definitions of 'sensitive data'",
                     'Introduce AI disclosure rules',
                     'Enact a standalone genetic data privacy law',
                     "Narrow the definition of 'publicly available "
                     "information'",
                     'Update laws to address risks from chatbots and social '
                     'media platforms targeting youth'],
 'references': [{'source': "Connecticut Attorney General's 2025 Enforcement "
                           'Report'}],
 'regulatory_compliance': {'fines_imposed': '$100,000',
                           'regulations_violated': ['Connecticut Data Privacy '
                                                    'Act (CTDPA)'],
                           'regulatory_notifications': '63 warning letters '
                                                       'issued in 2025 for '
                                                       'compliance failures'},
 'response': {'communication_strategy': 'Delayed disclosure (14 months)'},
 'title': 'Omni Healthcare Data Breach and Compliance Failure',
 'type': 'Data Breach, Compliance Violation'}
Published by
Jeremy C
Jeremy C
You might also like
Great! Next, complete checkout for full access to Rankiteo Blog.
Welcome back! You've successfully signed in.
You've successfully subscribed to Rankiteo Blog.
Success! Your account is fully activated, you now have access to all content.
Success! Your billing info has been updated.
Your billing was not updated.