
"In August, the New York State Department of Financial Services reached agreement with Healthplex, Inc., a licensed insurance agent and independent adjuster, to pay a $2 million civil penalty after a hacker executed a phishing attack on an employee's email and gained access to the private health data and sensitive nonpublic information of tens of thousands of Healthplex consumers. Eight years in the making, the final phase of New York's groundbreaking Cybersecurity Regulation Part 500 takes effect Nov. 1."
"New York was the first state in the nation to mandate cybersecurity standards across the financial services sector when the state's Department of Financial Services instituted Cybersecurity Regulation in 2017. The regulation was last amended in November of 2023 to protect New York businesses and consumers from cyber threats such as ransomware, extortion and third-party breaches. The state has phased in the amended requirements over the past two years and the last took effect Nov. 1."
A phishing attack on a Healthplex employee email led to a data breach and a $2 million civil penalty. The final phase of New York's Cybersecurity Regulation Part 500 takes effect Nov. 1. The regulation requires licensed financial institutions to implement comprehensive cybersecurity programs, including written security plans, risk assessments, vulnerability testing, third-party vendor data management, multi-factor authentication for certain access, incident response plans and annual reports from the chief information security officer. Covered entities must certify compliance annually. The regulation was amended in November 2023 and phased in over two years to address ransomware, extortion and third-party breaches.
Read at www.amny.com