Hospital will pay $300,000 for data breach
The state attorney general announced Dec. 27 that NewYork-Presbyterian Hospital will pay a $300,000 fine for disclosing the health information of at least 54,000 people who visited its website between 2016 and 2022.
Attorney General Letitia James said in a statement that her office’s investigation had found that the hospital used tools that collected and shared private and personal information with third-party tech companies when visitors searched for doctors or booked appointments, in violation of the Health Insurance Portability and Accountability Act (HIPAA).
NewYork-Presbyterian operates 10 hospitals, including one in Cortlandt. The attorney general said that snippets of code sent information to Facebook that, in some cases, could identify patients and what they searched for. The hospital was alerted in June 2022 after an investigation by TheMarkup.org, which found that 33 of the nation’s top 100 hospitals were using the Meta Pixel tracker.
Behind The Story
News: Based on facts, either observed and verified directly by the reporter, or reported and verified from knowledgeable sources.