EyeMed Fined $600k Over Data Breach

An Ohio-based healthcare provider has been fined $600k over a data breach that exposed the records of 2.1 million patients across America. 

Cyber-criminals targeted EyeMed Vision Care in June 2020. Attackers gained access to an EyeMed email account to which EyeMed clients sent sensitive consumer data relating to vision benefits enrollment and coverage.

During the week-long intrusion, threat actors were able to view emails and attachments dating back six years. Contained within those emails and attachments was sensitive information that included consumers’ names, addresses, Social Security numbers and insurance account numbers.

In July 2020, the attackers used the compromised EyeMed account to launch a phishing attack against EyeMed clients. Approximately 2,000 emails were sent asking clients for their EyeMed account login credentials.

The healthcare provider’s IT department became aware of the phishing campaign when it started receiving emails from concerned clients whom the attackers had targeted. EyeMed subsequently secured the compromised email account and launched an investigation.

The Office of the Attorney General determined that the affected email account had not been secured with multi-factor authentication at the time of the attack, despite being accessible via a web browser.

It was further determined that EyeMed failed to

Read More: https://www.infosecurity-magazine.com/news/eyemed-fined-600k-over-data-breach/