The State of New York Fines EyeMed $4.5 Million For 2020 Data Breach
The state of New York has slapped EyeMed Vision Care with yet another fine over its massive 2020 email hack and healthcare data breach. This time the vision benefits company will pay a $4.5 million penalty for multiple security violations that “contributed to” the data exposure.
The state’s investigation into the insurer found “EyeMed’s lack of compliant cybersecurity risk assessment to evaluate and address the risks to its information systems and non-public information stored on its networks left EyeMed vulnerable to threat actors, including the threat actor who initiated the cyber event,” according to the report.
The settlement was announced as part of New York’s Department of Financial Services’ cybersecurity regulation that mandates a set of responsible security standards for businesses. Drawn into effect in March 2017, it “served as a model for other regulators,” including the FTC, multiple states, and other security models.
