New York’s Department of Financial Services reached a $4.5 million settlement with EyeMed Vision Care over Cybersecurity Regulation violations that led to a July 2020 breach. The DFS found EyeMed’s failure to conduct adequate risk assessments, implement multifactor authentication, and limit user access privileges enabled a threat actor to access its email mailbox containing more than six years of consumers’ sensitive and personal health data. Under the settlement, EyeMed will conduct a cybersecurity risk assessment and develop a plan to address identified risks. Editor’s note: New York Attorney General Letitia James spoke with The Privacy Advisor about protecting consumer privacy, enforcement actions and potential federal privacy legislation.
If you want to comment on this post, you need to login.