New York Attorney General Letitia James secured $350,000 from a Long Island-based home healthcare company, Personal Touch Holding Corporation (Personal Touch), for failing to protect vulnerable New Yorkers’ personal information and healthcare data. Personal Touch’s poor data security made it vulnerable to a ransomware attack that compromised the personal and medical information of approximately 316,845 New Yorkers. Personal Touch’s data security failures violated both state law and the federal Health Insurance Portability and Accountability Act (HIPAA), which required Personal Touch to adhere to specific data protection practices. As a result of the agreement, Personal Touch has agreed to pay $350,000 in penalties to New York, update and improve their cybersecurity infrastructure, and offer free credit monitoring and identity theft services to affected individuals. In addition, Attorney General James secured $100,000 from an insurance software vendor for compromising Personal Touch employees’ data.
