October 28, 2022

New York Department of Financial Services Announces $4.5 Million Settlement with EyeMed Vision Care Related to Breach

Last week, the New York Department of Financial Services (“DFS”) announced a $4.5 million settlement with EyeMed Vision Care LLC (“EyeMed”) for violations of DFS’s Cybersecurity Regulation protecting patients’ health data. On July 1, 2020, a phishing attack against EyeMed resulted in a malicious actor gaining access to an email account that contained six years’ worth of consumers’ non-public information (“NPI”). An investigation revealed that EyeMed had failed to comply with several requirements of the Cybersecurity Regulation, including implementing multi-factor authentication, maintaining secure access controls for its email system, and conducting an adequate risk assessment. In addition to paying the $4.5 million fine, EyeMed agreed to implement remedial measures as part of the settlement.

The material in all ABA publications is copyrighted and may be reprinted by permission only.