An Ohio-based healthcare provider has been fined 600k Data breach Which has released a record of 2.1 million patients across the United States.
Cyber criminals have been targeted Imed Vision Care In June 2020, attackers gained access to an EyeMed email account where EyeMed clients send sensitive consumer data related to vision benefit listing and coverage.
During the week-long intrusion, threatening actors were able to see emails and attachments from six years ago. These emails and attachments contained sensitive information, including customer names, addresses, social security numbers, and insurance account numbers.
In July 2020, attackers used the compromised EyeMed account to launch a phishing attack against EyeMed clients. About 2,000 emails were sent asking clients for their EyeMed account login credentials.
The IT department of the healthcare provider became aware of the phishing campaign when they started receiving emails from concerned clients whom the attackers had targeted. EyeMed subsequently secured the compromised email account and launched an investigation.
The Attorney General’s Office determined that the affected email account was not protected with multi-factor authentication at the time of the attack, even though it was accessible through a web browser.
It was further determined that EyeMed Documentation failed to properly implement adequate password management requirements for the email account and failed to maintain adequate logging of its email accounts.
On Monday, New York Attorney General Leticia James Dr. Announcement That EyeMed 2020 agreed to pay New York State $ 600k to resolve the data breach.
“New Yorkers should have every assurance that their personal health information will be kept confidential and secure,” said Attorney General James.
“IMED has betrayed that trust by failing to monitor its own security, compromising the personal information of millions of people.”
The data breach affected 98,632 New Yorkers. James said he wanted the deal to signal New York’s continued commitment to holding companies accountable.
“My office continues to actively monitor the state for any potential breaches, and we will continue to do everything in our power to protect New Yorkers and their personal information,” he added.
