New York’s Department of Financial Services reached a $4.5 million settlement with EyeMed Vision Care over Cybersecurity Regulation violations that led to a July 2020 breach. The DFS found EyeMed’s failure to conduct adequate risk assessments, implement multifactor authentication, and limit user access privileges enabled a threat actor to access its email mailbox containing more than six years of consumers’ sensitive and personal health data. Under the settlement, EyeMed will conduct a cybersecurity risk assessment and develop a plan to address identified risks. Editor’s note: New York Attorney General Letitia James spoke with The Privacy Advisor about protecting consumer privacy, enforcement actions and potential federal privacy legislation.
24 Oct. 2022
New York’s DFS reaches $4.5M settlement with health insurance provider
Related stories
Notes from the IAPP Canada: Consultation period on CBPR implementation ends 30 June
CPPA Board tees up new consultation on draft ADMT, cybersecurity audit, risk assessment regulations
Ireland's DPC finalizes TikTok decision with potential data transfer ban
A view from DC: Colorado considers re-forging AI guardrails
Biometric promises, regulatory gaps: Why Canada needs a new approach to facial recognition technology
