Negligent Security Measures Continue To Cost Healthcare Organizations

East River Medical Imaging, a radiology clinic with multiple locations in New York, has settled a data breach lawsuit for $1.85 million.

The breach, which occurred between August 31 and September 20, 2023, compromised sensitive patient information, including social security numbers, medical records, and financial details. Over 600,000 individuals were affected.

The settlement offers reimbursement for documented losses up to $7,500 and provides a year of free credit monitoring and identity theft protection. Source: https://eastsidefeed.com/odds-and-ends/upper-east-side-radiology-center-settles-data-breach-lawsuit-for-1-85-million/ (Oct. 19, 2024).

Commentary

The source attributes the East River breach to negligent security measures.

"Negligent security measures" is a broad and ambiguous term that trial attorneys and others use when they do not know the source of the breach. They simply know, or believe, that a breach occurred because data tied to the defendant ends up on the dark web.

Common negligent security measures include lack of encryption, use of outdated software, insufficient security training, poor network security, failure to patch software, and inadequate security patches.

Another negligent security measure that is both an institutional and personal vulnerability is the use of weak passwords.

Below is a checklist on risky passwords and password practices:

  • Simple passwords
    • 123456
    • Password
    • Qwerty
  • Short passwords
    • okgo
    • 1234
  • Single word passwords
    • Admin
    • guest
    • Welcome
    • Monkey
  • Personal passwords
    • Names
    • Birthdates
    • Pet names
  • Dictionary passwords
    • Common words found in a dictionary
  • Default passwords
    • Passwords provided by a manufacturer/developer
  • Predictable patterns/sequences
    • Abcd1234
    • Aabbccddeeffgg
    • 111111
    • 1a2b3c4d
  • Keyboard patterns
    • Qwerty
    • Asdfgh
    • 1q2w3e4r
  • Common substitutions of numbers/special characters for letters
    • P@ssw0rd
    • Pa55w0rd
    • Pa$$w0rd
  • Incremental or pattern changes to a password
    • Changing from "qwerty1" to "qwerty2"
  • Same password used for multiple, different accounts
  • Sharing passwords
  • Passwords not regularly altered/updated
  • Passwords not altered/updated after a security breach/warning
  • Passwords not altered/updated after voluntary disclosure for repairs/troubleshooting/other reasons
  • Unsecured passwords
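
The checklist above can be applied automatically when a password is set or changed. The following is an added example, not part of the original article: it assumes an 8-character minimum (the article gives none) and uses a small constructed word list in place of a real dictionary or breached-password list; the function and category names are illustrative.

```python
import re

MIN_LENGTH = 8  # assumption: the article gives no minimum length
# Constructed stand-in for a real common-password/dictionary list
WORDLIST = {"123456", "password", "qwerty", "admin", "guest", "welcome", "monkey"}
SEQUENCES = ["abcdefghijklmnopqrstuvwxyz", "0123456789"]
KEYBOARD = ["qwertyuiop", "asdfghjkl", "zxcvbnm", "1234567890"]
# Undo common character substitutions (@ -> a, 0 -> o, ...)
UNLEET = str.maketrans("@4$5013!7", "aassoieit")


def _has_run(text, rows, n=4):
    """True if text contains n consecutive characters of any row, in either direction."""
    for row in rows:
        for seq in (row, row[::-1]):
            if any(seq[i:i + n] in text for i in range(len(seq) - n + 1)):
                return True
    return False


def _views(low):
    """The password as typed, with doubled characters collapsed, and de-interleaved."""
    return [low, re.sub(r"(.)\1+", r"\1", low), low[::2], low[1::2]]


def audit_password(pw, previous=None, personal=()):
    """Return the set of checklist categories that pw falls into."""
    low = pw.lower()
    findings = set()
    if len(pw) < MIN_LENGTH:
        findings.add("short")
    if low in WORDLIST:
        findings.add("common_word")
    plain = low.translate(UNLEET)
    if plain != low and plain in WORDLIST:
        findings.add("substitution")
    if re.search(r"(.)\1{3,}", low) or any(_has_run(v, SEQUENCES) for v in _views(low)):
        findings.add("sequence")
    if any(_has_run(v, KEYBOARD) for v in _views(low)):
        findings.add("keyboard")
    if any(len(t) >= 3 and t.lower() in low for t in personal):
        findings.add("personal")
    if previous is not None:
        # Same stem with only the trailing digits changed (qwerty1 -> qwerty2)
        stem, old_stem = low.rstrip("0123456789"), previous.lower().rstrip("0123456789")
        if stem and stem == old_stem:
            findings.add("incremental")
    return findings
```

An empty result only means none of these checks fired; reuse across accounts, sharing, and unsecured storage from the checklist cannot be detected from the password string itself.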