On Nov. 8, the New York Attorney General (NYAG) secured $450,000 in civil penalties, attorneys’ fees and other investigative costs from US Radiology Specialists Inc. for failing to protect its patients’ personal and health care data.[1] US Radiology is one of the nation’s largest private radiology groups and provides managed services for several partner companies.
To protect its network and its partner companies’ networks, US Radiology uses a firewall sold by SonicWall. In January 2021, SonicWall stated that there had been “[a] coordinated attack on its internal systems” conducted by “highly sophisticated threat actors” and released a firmware patch to address the vulnerability. However, to support the newly released firmware patch, US Radiology needed a hardware replacement. US Radiology scheduled a hardware replacement for July 2021, but the replacement was delayed due to resource restraints and competing priorities.