Attorney General James Secures 400000 from Dental Insurance Provider for Failing to Protect Patient Data LongIslandcom
pLocal Newspp
By Chris Boyle
Published December 11 2023
ppHealthplexâs Data Breach Compromised the Personal and Medical Data of Nearly 64000 New Yorkerspp
New York Attorney General Letitia James today secured 400000 from one of New Yorks largest dental insurance providers Healthplex Inc Healthplex for failing to properly protect the personal and medical information of New Yorkers Healthplex a Long Islandbased company had inadequate data security practices that made it susceptible to a data breach attack that compromised the personal and private information of 89955 individuals of which 63922 were New York residents As a result of this agreement Healthplex has agreed to strengthen its data security practices pp
Visiting a dentists office can be a stressful experience without having the added concern that personal and medical data could be stolen by bad actors said Attorney General James Insurers like all companies charged with holding on to sensitive information have an obligation to ensure that data is safeguarded and doesnt fall into the wrong hands New Yorkers can rest assured that when my office is made aware of data breaches we will drill down and get to the root of the problem pp
In late November 2021 an unknown individual sent a phishing email to a Healthplex employee requesting the employee to enter their login credentials On November 24 2021 the hacker gained access to the employees account which contained over 12 years of emails Some of the exposed emails contained sensitive customer enrollment information including names member identification numbers insurance group names and numbers addresses dates of birth credit card numbers banking information Social Security numbers and member portal usernames and passwords The Office of the Attorney Generals investigation concluded that by failing to implement multifactor authentication for remote email access Healthplex failed to adopt reasonable data security practices to protect patients personal and health information pp
As a result of todays agreement Healthplex has agreed to pay a 400000 penalty and to adopt a series of procedures designed to strengthen their cybersecurity practices going forward including pp
Todays agreement continues Attorney General James efforts to protect New Yorkers personal information and hold companies accountable for their poor data security practices In November Attorney General James secured 450000 from US Radiology for failing to protect patient data In October Attorney General James secured 350000 from Long Island health care company Personal Touch for failing to secure the data of 300000 New Yorkers Also in October Attorney General James and a multistate coalition secured 495 million from cloud company Blackbaud for a 2020 data breach exposing the data of thousands of users In September Attorney General James reached an agreement with Marymount Manhattan College to invest 35 million to protect students online data In May Attorney General James recouped 550000 from a medical management company for failing to protect patient data In April Attorney General James released a comprehensive data security guide to help companies strengthen their data security practices pp
This matter was handled by Assistant Attorney General Marc Montgomery and Deputy Bureau Chief Clark Russell of the Bureau of Internet and Technology under the supervision of Bureau Chief Kim Berger The Bureau of Internet and Technology is a part of the Division for Economic Justice which is led by Chief Deputy Attorney General Chris DAngelo The Division of Economic Justice is overseen by First Deputy Attorney General Jennifer Levy pp
ppAdvertise With UsppppSeasonal Fun Festivals Events emailed to your inbox every Fridayp
By Chris Boyle
Published December 11 2023
ppHealthplexâs Data Breach Compromised the Personal and Medical Data of Nearly 64000 New Yorkerspp
New York Attorney General Letitia James today secured 400000 from one of New Yorks largest dental insurance providers Healthplex Inc Healthplex for failing to properly protect the personal and medical information of New Yorkers Healthplex a Long Islandbased company had inadequate data security practices that made it susceptible to a data breach attack that compromised the personal and private information of 89955 individuals of which 63922 were New York residents As a result of this agreement Healthplex has agreed to strengthen its data security practices pp
Visiting a dentists office can be a stressful experience without having the added concern that personal and medical data could be stolen by bad actors said Attorney General James Insurers like all companies charged with holding on to sensitive information have an obligation to ensure that data is safeguarded and doesnt fall into the wrong hands New Yorkers can rest assured that when my office is made aware of data breaches we will drill down and get to the root of the problem pp
In late November 2021 an unknown individual sent a phishing email to a Healthplex employee requesting the employee to enter their login credentials On November 24 2021 the hacker gained access to the employees account which contained over 12 years of emails Some of the exposed emails contained sensitive customer enrollment information including names member identification numbers insurance group names and numbers addresses dates of birth credit card numbers banking information Social Security numbers and member portal usernames and passwords The Office of the Attorney Generals investigation concluded that by failing to implement multifactor authentication for remote email access Healthplex failed to adopt reasonable data security practices to protect patients personal and health information pp
As a result of todays agreement Healthplex has agreed to pay a 400000 penalty and to adopt a series of procedures designed to strengthen their cybersecurity practices going forward including pp
Todays agreement continues Attorney General James efforts to protect New Yorkers personal information and hold companies accountable for their poor data security practices In November Attorney General James secured 450000 from US Radiology for failing to protect patient data In October Attorney General James secured 350000 from Long Island health care company Personal Touch for failing to secure the data of 300000 New Yorkers Also in October Attorney General James and a multistate coalition secured 495 million from cloud company Blackbaud for a 2020 data breach exposing the data of thousands of users In September Attorney General James reached an agreement with Marymount Manhattan College to invest 35 million to protect students online data In May Attorney General James recouped 550000 from a medical management company for failing to protect patient data In April Attorney General James released a comprehensive data security guide to help companies strengthen their data security practices pp
This matter was handled by Assistant Attorney General Marc Montgomery and Deputy Bureau Chief Clark Russell of the Bureau of Internet and Technology under the supervision of Bureau Chief Kim Berger The Bureau of Internet and Technology is a part of the Division for Economic Justice which is led by Chief Deputy Attorney General Chris DAngelo The Division of Economic Justice is overseen by First Deputy Attorney General Jennifer Levy pp
ppAdvertise With UsppppSeasonal Fun Festivals Events emailed to your inbox every Fridayp
