Montefiore Medical Center shells out $48M for insider data breach

February 8, 2024
1 min read

The Montefiore Medical Center has reached a settlement of $4.8 million with the US Department of Health and Human Services (HHS) following an investigation into an insider data breach. The breach was discovered after police informed the hospital of an employee who had been selling patient information to criminals. The employee had inappropriately accessed 12,517 patient records from January to June 2013, and sold the data to an identity theft ring. The HHS found that Montefiore had “multiple potential failures” in its data security systems that allowed for the breach to occur. Alongside the settlement, Montefiore has agreed to a corrective action plan and two years of federal monitoring.

Latest from Blog

EU push for unified incident report rules

TLDR: The Federation of European Risk Management Associations (FERMA) is urging the EU to harmonize cyber incident reporting requirements ahead of new legislation. Upcoming legislation such as the NIS2 Directive, DORA, and