Hospital will pay $300,000 for data breach

The state attorney general announced Dec. 27 that NewYork-Presbyterian Hospital will pay a $300,000 fine for disclosing the health information of at least 54,000 people who visited its website between 2016 and 2022.

Attorney General Letitia James said in a statement that her office’s investigation had found that the hospital used tools that collected and shared private and personal information with third-party tech companies when visitors searched for doctors or booked appointments, in violation of the Health Insurance Portability and Accountability Act (HIPAA).

NewYork-Presbyterian operates 10 hospitals, including one in Cortlandt. The attorney general said that snippets of code sent information to Facebook that, in some cases, could identify patients and what they searched for. The hospital was alerted in June 2022 after an investigation by TheMarkup.org, which found that 33 of the nation’s top 100 hospitals were using the Meta Pixel tracker.

Behind The Story

Type: News

News: Based on facts, either observed and verified directly by the reporter, or reported and verified from knowledgeable sources.

Articles attributed to "staff" are written by the editor or a senior editor. This is typically because they are brief items based on a single source, such as a press release, or there are multiple contributors, such as a collection of photos.

Leave a comment

The Current welcomes comments on its coverage and local issues. All online comments are moderated, must include your full name and may appear in print. See our guidelines here.