NEW YORK (Legal Newsline) — New York Attorney General Eric T. Schneiderman announced June 15 that CoPilot Provider Support Services Inc. (CoPilot), a company providing support services to the health industry, will pay $130,000 and improve its legal compliance program after allegations of violating the state’s General Business Law.
According to Schneiderman’s office, CoPilot waited more than a year to provide notice to the state that a data breach exposed 221,178 patient records. The company’s website is used by physicians to help find insurance information for various medications. On Oct. 25, 2015, an unauthorized individual hacked the website and gained access to the name, gender, date of birth, address, phone number and medical insurance card information for patients in the system.
“Health care services providers have a duty to protect patient records as securely as possible and to provide notice when a breach occurs,” Schneiderman said. “Waiting [more than] a year to provide notice is unacceptable. My office will continue to hold businesses accountable to their responsibility to protect customers’ private information.”
Handling the case for the state were the Bureau of Internet and Technology deputy bureau chief Clark Russell and assistant attorney general Jordan Adler, under the supervision of bureau chief Kathleen McGee. Executive deputy attorney general for economic justice Manisha M. Sheth oversees the Bureau of Internet and Technology.