New York Attorney General Letitia James recouped $550,000 from a medical management company, Professional Business Systems, Inc. d/b/a Practicefirst Medical Management Solutions and PBS Medcode Corp. (Practicefirst), for failing to protect New Yorkers’ personal information, including health records. Practicefirst’s failure to make a timely software update made their networks susceptible to a cyberattack, which affected more than 1.2 million individuals nationwide, including over 428,000 New Yorkers. Practicefirst’s data security failures violated both state law and the federal Health Insurance Portability and Accountability Act (HIPAA). As a result of today’s agreement, Practicefirst has agreed to pay $550,000 in penalties to New York, strengthen its data security practices, and offer affected consumers free credit monitoring services.
