New York Attorney General Letitia James secured $550,000 from HealthAlliance, a Hudson Valley Healthcare facility operator, for failing to protect the data of over 240,000 patients. An investigation found the healthcare facility didn’t patch a system vulnerability despite a vendor’s alert, leading to a cyber-attack. HealthAlliance is required to pay the penalty and bolster its data security practices.

Dispersed responsibility, lack of asset inventory is causing gaps in medical device cybersecurity
Witnesses at a House hearing on medical device cybersecurity highlighted the need for better tracking of devices and their vulnerability to cyber threats. They noted