Two agencies in one state investigated and fined Healthplex. Was that one too many? - DataBreaches.Net
Briefly

Healthplex experienced a phishing attack in 2021 that compromised an employee's email account, affecting around 90,000 people. The New York Attorney General investigated the breach under various laws, identifying failures in its security measures, including the absence of multi-factor authentication. Although Healthplex responded quickly to mitigate the attack, it struggled to determine the extent of data accessed due to poor logging. Ultimately, it settled for $400,000 to address the findings and improve its security posture, highlighting potential inequities in enforcement outcomes for proactive entities.
In 2021, Healthplex suffered a phishing attack resulting in compromised emails and affecting almost 90,000 individuals, following which the New York Attorney General initiated an investigation.
The New York Attorney General's investigation cited violations related to multiple laws, holding Healthplex accountable for lacking multi-factor authentication and a data retention policy.
Despite swift action by Healthplex to mitigate the breach, the lack of a comprehensive logging system prevented a complete understanding of the attack's scope.
Ultimately, Healthplex faced a $400,000 penalty due to enforcement actions for security failures, despite efforts made in other areas of data protection.
Read at DataBreaches.Net