NY AG Fines US Radiology $450K After Unpatched Bug Led to Ransomware Attack

cyber attack

One of the nation’s largest private radiology companies agreed to pay a $450,000 fine after a 2021 ransomware attack led to the exposure of sensitive information from nearly 200,000 patients.

In an agreement announced Wednesday, New York Attorney General Letitia James said US Radiology failed to remediate a vulnerability announced by security company SonicWall in January 2021.

US Radiology used the company’s firewall to protect its network and provide managed services for many of its partner companies, including the Windsong Radiology Group, which has six facilities across Western New York.

The vulnerability highlighted by the attorney general — CVE-2021-20016 — was used by ransomware gangs in several attacks, The Record reports. Read more

Related Posts