US Radiology hit with $450K fine for ransomware-related breach

Major U.S. private radiology firm US Radiology has been imposed a $450,000 penalty by New York Attorney General Letitia James following its failure to remediate a SonicWall vulnerability that led to a ransomware attack in 2021, which compromised nearly 200,000 individuals' sensitive data, according to The Record, a news site by cybersecurity firm Recorded Future. Aside from the fine, US Radiology has also been mandated to implement IT network upgrades, establish a penetration testing program, enlist a data security program manager, ensure sensitive patient data encryption, delete unneeded patient data, and submit reports certifying adherence for two years. "US Radiology failed to protect New Yorkers data and was vulnerable to attack because of outdated equipment. In the face of increasing cyberattacks and more sophisticated scams to steal private data, I urge all companies to make necessary upgrades and security fixes to their computer hardware and systems," said James. Such a development follows the introduction of updated New York cybersecurity rules requiring ransomware payment reporting and other customer data protection measures among regulated entities across the state.