October 28, 2022

New York Department of Financial Services Announces $4.5 Million Settlement with EyeMed Vision Care Related to Breach

Last week, the New York Department of Financial Services (“DFS”) announced a $4.5 million settlement with EyeMed Vision Care LLC (“EyeMed”) for violations of DFS’s Cybersecurity Regulation protecting patients’ health data. On July 1, 2020, a phishing attack against EyeMed resulted in a malicious actor gaining access to an email account that contained six years of consumers’ non-public information (“NPI”). An investigation revealed that EyeMed had failed to comply with several requirements of the Cybersecurity Regulation, including implementing multi-factor authentication, maintaining secure access controls for its email system, and conducting an adequate risk assessment. In addition to paying the $4.5 million fine, EyeMed agreed to implement remedial measures as part of the settlement.

The material in all ABA publications is copyrighted and may be reprinted by permission only. Request reprint permission here.