NYDFS Fines Health Insurer EyeMed $4.5 Million For Cybersecurity Violations After Mandatory Self-Report

October 26, 2022

On October 18, 2022, the New York Department of Financial Services announced a $4.5 million penalty against health insurer EyeMed Vision Care LLC (“EyeMed”) for violations of the Department’s Cybersecurity Regulation that contributed to a July 1, 2020 data breach that exposed sensitive, non-public consumer health data of New York residents. Notably, NYDFS learned about the breach after EyeMed reported the incident, as required by the Cybersecurity Regulation. The penalty is a reminder to companies in scope of the regulation to make sure to review their compliance before an incident, a costly lesson more and more companies are learning from NYDFS.

Download PDF

Clifford Chance

Briefings

NYDFS Fines Health Insurer EyeMed $4.5 Million For Cybersecurity Violations After Mandatory Self-Report

October 26, 2022

Celeste Koeleveld

Partner

New York

Megan Gordon

Office Managing Partner, Washington, DC

Washington D.C.

Devika Kornbacher

Co-Chair, Global Tech Group and Office Managing Partner, Houston

New York; Houston

Dennis Manfredi

Partner

New York

Daniel Silver (He/Him)

Partner

New York

Eugene Benger

Counsel

New York

Brian Yin

Associate

Washington D.C.

Office Managing Partner, Washington, DC

Washington D.C.

Co-Chair, Global Tech Group and Office Managing Partner, Houston

New York, Houston

Partner

New York

Partner

New York

Counsel

New York

Associate

Washington D.C.

Toolkits & Client Log-in