Significant cyber investment, fines part of Refuah Health’s ransomware settlement

New York-based Refuah Health Center has been compelled by state Attorney General Letitia James to allocate more than $1.2 million to strengthen its cybersecurity posture through more robust patient data security, multi-factor authentication, and semi-annual security audits, as part of its settlement of a Lorenz ransomware attack in May 2021 that compromised the data of over 260,740 individuals, reports The Record, a news site by cybersecurity firm Recorded Future. The deal also requires Refuah Health to pay $450,000 for its negligence in securing patient data, which will be paid in annual increments of $117,000 although it will be given a $100,000 deduction if it achieves its cybersecurity investment goal from 2024 to 2028. "This agreement will ensure that Refuah is taking the appropriate steps to protect patient data while also providing affordable health care. Strong data security is critically necessary in todays digital age and my office will continue to protect New Yorkers data from companies with inadequate cybersecurity," said James.