NYDFS Fines Health Insurer EyeMed $4.5 Million For Cybersecurity Violations After Mandatory Self-Report
October 26, 2022
On October 18, 2022, the New York Department of Financial Services announced a $4.5 million penalty against health insurer EyeMed Vision Care LLC (“EyeMed”) for violations of the Department’s Cybersecurity Regulation that contributed to a July 1, 2020 data breach that exposed sensitive, non-public consumer health data of New York residents. Notably, NYDFS learned about the breach after EyeMed reported the incident, as required by the Cybersecurity Regulation. The penalty is a reminder to companies in scope of the regulation to make sure to review their compliance before an incident, a costly lesson more and more companies are learning from NYDFS.
Download PDF