Cost of a health insurance security breach? NY watchdogs say it's $4.5m

2022-10-19 23:54

The data snafu dates back to 2020, and, according to EyeMed, it's likely the result of one of its people falling for a phish.

The investigation later revealed that the intrusion ran from around June 24 to July 1, 2020, during which time miscreants read and stole emails and attachments containing consumers' non-public health information, including data concerning minors, that date back six years prior to the cyberattack.

Cost? $1.9m Mormon Church IT ransacked, data stolen by 'state-sponsored' cyber-thieves Robinhood's crypto unit hit with $30m fine over security, anti-crime misses Carnival Cruises torpedoed by US states, agrees to pay $6m after wave of cyberattacks.

EyeMed should have limited user access privileges to the compromised mailbox and not allowed nine employees to share login credentials, according to DFS. The company also failed to implement sufficient data retention and disposal processes, thus giving the thief access to the six-plus years of people's private data.

Last week, online retailer Zoetop agreed to fork out $1.9 million after account data belonging to 46 million customers was stolen in 2018.

Over the summer, the DFS fined Robinhood's cryptocurrency operations $30 million and Carnival Cruise Lines $5 million for violating New York's cybersecurity regulations.

News URL

https://go.theregister.com/feed/www.theregister.com/2022/10/19/eyemed_data_breach_settlement/

#breach #insurance #security

Related vendor

VENDOR	LAST 12M	#/PRODUCTS	LOW	MEDIUM	HIGH	CRITICAL	TOTAL VULNS
Health		2	1	6	1	0	8

News URL

Related news

Related vendor