{"id":45003,"date":"2022-01-26T14:35:07","date_gmt":"2022-01-26T14:35:07","guid":{"rendered":"https:\/\/packetstormsecurity.com\/news\/view\/33042\/New-York-Fines-EyeMed-600k-After-Data-Breach-Investigation-Finds-Security-Flaws.html"},"modified":"2022-01-26T14:35:07","modified_gmt":"2022-01-26T14:35:07","slug":"new-york-fines-eyemed-600k-after-data-breach-investigation-finds-security-flaws","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/new-york-fines-eyemed-600k-after-data-breach-investigation-finds-security-flaws\/","title":{"rendered":"New York Fines EyeMed $600k After Data Breach Investigation Finds Security Flaws"},"content":{"rendered":"<div>\n<figure class=\"wp-block-image size-full\"><img decoding=\"async\" src=\"https:\/\/cdn.scmagazine.com\/wp-content\/uploads\/2022\/01\/GettyImages-1319289050.jpg\" alt class=\"wp-image-208711\"><figcaption>New York Attorney General Letitia James announced the state has reached a settlement with EyeMed to resolve allegations of security failings found during an investigation of a 2020 email hack.<br \/>\n(Photo by Michael M. Santiago\/Getty Images)<\/figcaption><\/figure>\n<\/div>\n<p>EyeMed reached a $600,000 <a href=\"https:\/\/ag.ny.gov\/press-release\/2022\/attorney-general-james-announces-600000-agreement-eyemed-after-2020-data-breach\" target=\"_blank\" rel=\"noreferrer noopener\">settlement<\/a> with the state of New York to resolve a number of allegations against its data security program, revealed during the state\u2019s <a href=\"https:\/\/ag.ny.gov\/sites\/default\/files\/eyemed_aod_-_final_-_fully_signed.pdf\" target=\"_blank\" rel=\"noreferrer noopener\">investigation<\/a> into the healthcare business associate following a 2020 data breach that impacted 2.1 million individuals.<\/p>\n<p>Eyecare giant Luxottica owns EyeMed, which provides vision benefits for a number of health insurance companies.<\/p>\n<p>\u201cEyeMed betrayed trust by failing to keep an eye on its own security system, which in turn compromised the personal information of millions of individuals,\u201d New York Attorney General Letitia James said in a statement.&nbsp;<\/p>\n<p>\u201cLet this agreement signal our continued commitment to holding companies accountable and ensuring that they are looking out for New Yorkers\u2019 best interest,\u201d she added. \u201cMy office continues to actively monitor the state for any potential violations, and we will continue to do everything in our power to protect New Yorkers and their personal information.\u201d<\/p>\n<p>In December 2020, EyeMed reported falling victim to an email hack that was first discovered several months earlier in July. An attacker gained access to an employee email account and sent<a href=\"https:\/\/www.scmagazine.com\/analysis\/email-security\/phishing-scams-capitalize-on-vaccine-push-ups-com-flaw-and-text-to-email-service\" target=\"_blank\" rel=\"noreferrer noopener\"> phishing emails<\/a> to contacts found in the account\u2019s address book on July 1.<\/p>\n<p>What was not disclosed in EyeMed\u2019s breach notification was that the impacted account was an enrollment account tied to EyeMed clients, and the attacker sent at least 2,000 phishing emails from the account after gaining access.<\/p>\n<p>The emails \u201cpurported to be a request for proposal to deceive recipients into providing credentials to the attacker. Later the same day, EyeMed\u2019s IT department observed the transmission of these phishing emails from the email account, and received inquiries from clients about the suspicious email.\u201d<\/p>\n<p>Further, while the breach notification said the account access was blocked and the mailbox secured on the same day it was discovered, the hack actually began on June 24, a week before it was discovered.<\/p>\n<p>EyeMed\u2019s investigation determined the account contained a trove of sensitive information from both current and former vision benefits members of multiple insurance clients, including 484,154 Aetna ACE plan members and 60,545 Tufts Health Plan members.<\/p>\n<p>The data included vision and health insurance account and identification numbers, Medicaid or Medicare numbers, driver\u2019s licenses, government IDs, and birth or marriage certificates. For some of the impacted members, the compromised information could include partial or full Social Security numbers, financial data, diagnoses, health conditions, treatments, and other data.<\/p>\n<h2>Problems meeting state law revealed during breach investigation<\/h2>\n<p>The state\u2019s investigation into the data breach revealed further insights into the hacking incident and identified key areas where EyeMed did not meet the requirements of New York\u2019s General Business Law.<\/p>\n<p>For one, EyeMed did not have multi-factor authentication implemented on the impacted account, \u201cdespite the fact that the account was accessible via a web browser and contained a large volume of consumers\u2019 sensitive personal information.\u201d<\/p>\n<p>The report found that the vendor was aware of the importance of MFA for reasonable data protections, as EyeMed required MFA for its virtual private network (VPN) for a number of years prior to the email incident.<\/p>\n<p>In addition, investigators determined EyeMed did not employ sufficient password management requirements for the impacted enrollment email account despite the web browser access point. The minimum password requirement for the account was just eight characters.<\/p>\n<p>\u201cThe password that the attacker used to gain access to the account was insufficiently complex given the sensitivity of the information in the enrollment account,\u201d according to the report. The findings show that EyeMed was aware of the importance of password complexity, as its requirements for accounts with elevated privileges were at least 12 characters.<\/p>\n<p>The report shows that EyeMed\u2019s settings allowed six failed login attempts before it would lock out a user.<\/p>\n<p>The state also determined EyeMed did not have adequate logging and monitoring of its email accounts, which made \u201cit difficult to investigate security incidents.\u201d EyeMed was using an Office 365 E3 license for the email account at the time of the hack, which provided limited logging capabilities and did not record logs for more than 90 days, or give visibility into user activities.<\/p>\n<p>As a result, EyeMEd couldn\u2019t see when email items were accessed, replied to, or forwarded beyond 90 days, nor could they identify when or what a user searched.<\/p>\n<p>The forensic cybersecurity firm brought on to investigate the incident in 2020 was thereby unable \u201cto definitively determine what emails or documents were accessed by the unauthorized user.\u201d<\/p>\n<p>The investigation also revealed that the hacked account contained customer information from six years prior to the breach, as the account was used by EyeMed clients to change vision coverage and held data that dated back to Jan. 3, 2014.<\/p>\n<p>The state asserted \u201cit was unreasonable to leave personal information in the affected email account for up to six years rather than to copy and store such information in more secure systems and delete the older messages from the affected email account, particularly in light of the unreasonable protections for the affected email account at the time of the breach.\u201d<\/p>\n<p>The findings show that EyeMed violated the state\u2019s Executive Law and the General Business Law. EyeMed did not confirm or deny the findings.<\/p>\n<h2>EyeMed must modify policies under settlement terms<\/h2>\n<p>Under the settlement, EyeMed must modify its policies and procedures to adhere to the state\u2019s laws for the collection, use, and maintenance of personal data. The vendor is also required to modify its information security program to, at a minimum, meet the requirements outlined in the report.<\/p>\n<p>The security program must meet reasonable administrative, technical, and physical safeguards appropriate for the complexity of EyeMed\u2019s operations and the sensitivity of the data in its possession.<\/p>\n<p>In addition to improving its authentication, logging, and access posture, EyeMed is now required to encrypt private information as required by the state\u2019s General Business law, \u201cwhether stored within the EyeMed computer network, or transmitted electronically within or outside the network, using a reasonable encryption algorithm where technically feasible.\u201d<\/p>\n<p>EyeMed is also required to maintain a reasonable pen testing program to identify and remediate vulnerabilities in its network, which must include routine pen testing, risk-based vulnerability ratings, and remediation practices consistent with industry standards.<\/p>\n<p>Most importantly, \u201cEyeMed shall permanently delete customer personal information when there is no reasonable business or legal purpose to retain it.\u201d The vendor must pay the $600,000 fine to the state within 45 days and provide certification that it\u2019s met these new security requirements.<\/p>\n<p>State settlements over healthcare data breaches have become increasingly common in the last two years, given the pandemic focus and as the Department of Health continues its focus on enforcing the right of access rule outlined in The Health Insurance Portability and Accountability Act.<\/p>\n<p>New Jersey has been particularly active in these enforcements, issuing fines for at least four healthcare companies in the last quarter, including <a href=\"https:\/\/www.scmagazine.com\/analysis\/breach\/fertility-clinic-reaches-495k-settlement-over-lax-cybersecurity-2017-data-breach\" target=\"_blank\" rel=\"noreferrer noopener\">Diamond Institute<\/a> for Infertility and Menopause, <a href=\"https:\/\/www.scmagazine.com\/analysis\/breach\/regional-cancer-care-to-pay-425k-to-new-jersey-over-2019-data-breach-hipaa-violations\" target=\"_blank\" rel=\"noreferrer noopener\">Regional Cancer<\/a> Care Associates, and two mailing and <a href=\"https:\/\/www.scmagazine.com\/analysis\/breach\/two-healthcare-vendors-to-pay-190k-settlement-over-breach-hipaa-failure\" target=\"_blank\" rel=\"noreferrer noopener\">printing vendors<\/a>.<\/p>\n<p>Healthcare provider organizations should view these settlements as a warning and review the investigatory reports to determine how their security programs stack up, particularly with data retention and authentication requirements.<\/p>\n<p>READ MORE <a href=\"https:\/\/packetstormsecurity.com\/news\/view\/33042\/New-York-Fines-EyeMed-600k-After-Data-Breach-Investigation-Finds-Security-Flaws.html\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>READ MORE HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":45004,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[277],"tags":[2224],"class_list":["post-45003","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity-blogs","tag-headlinehackergovernmentprivacyusadata-loss"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.6 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>New York Fines EyeMed $600k After Data Breach Investigation Finds Security Flaws 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/new-york-fines-eyemed-600k-after-data-breach-investigation-finds-security-flaws\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"New York Fines EyeMed $600k After Data Breach Investigation Finds Security Flaws 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/new-york-fines-eyemed-600k-after-data-breach-investigation-finds-security-flaws\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2022-01-26T14:35:07+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/cdn.scmagazine.com\/wp-content\/uploads\/2022\/01\/GettyImages-1319289050.jpg\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"6 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/new-york-fines-eyemed-600k-after-data-breach-investigation-finds-security-flaws\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/new-york-fines-eyemed-600k-after-data-breach-investigation-finds-security-flaws\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"New York Fines EyeMed $600k After Data Breach Investigation Finds Security Flaws\",\"datePublished\":\"2022-01-26T14:35:07+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/new-york-fines-eyemed-600k-after-data-breach-investigation-finds-security-flaws\\\/\"},\"wordCount\":1224,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/new-york-fines-eyemed-600k-after-data-breach-investigation-finds-security-flaws\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2022\\\/01\\\/new-york-fines-eyemed-600k-after-data-breach-investigation-finds-security-flaws.jpg\",\"keywords\":[\"headline,hacker,government,privacy,usa,data loss\"],\"articleSection\":[\"CyberSecurity Blogs\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/new-york-fines-eyemed-600k-after-data-breach-investigation-finds-security-flaws\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/new-york-fines-eyemed-600k-after-data-breach-investigation-finds-security-flaws\\\/\",\"name\":\"New York Fines EyeMed $600k After Data Breach Investigation Finds Security Flaws 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/new-york-fines-eyemed-600k-after-data-breach-investigation-finds-security-flaws\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/new-york-fines-eyemed-600k-after-data-breach-investigation-finds-security-flaws\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2022\\\/01\\\/new-york-fines-eyemed-600k-after-data-breach-investigation-finds-security-flaws.jpg\",\"datePublished\":\"2022-01-26T14:35:07+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/new-york-fines-eyemed-600k-after-data-breach-investigation-finds-security-flaws\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/new-york-fines-eyemed-600k-after-data-breach-investigation-finds-security-flaws\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/new-york-fines-eyemed-600k-after-data-breach-investigation-finds-security-flaws\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2022\\\/01\\\/new-york-fines-eyemed-600k-after-data-breach-investigation-finds-security-flaws.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2022\\\/01\\\/new-york-fines-eyemed-600k-after-data-breach-investigation-finds-security-flaws.jpg\",\"width\":1024,\"height\":683},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/new-york-fines-eyemed-600k-after-data-breach-investigation-finds-security-flaws\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"headline,hacker,government,privacy,usa,data loss\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/tag\\\/headlinehackergovernmentprivacyusadata-loss\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"New York Fines EyeMed $600k After Data Breach Investigation Finds Security Flaws\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"New York Fines EyeMed $600k After Data Breach Investigation Finds Security Flaws 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/new-york-fines-eyemed-600k-after-data-breach-investigation-finds-security-flaws\/","og_locale":"en_US","og_type":"article","og_title":"New York Fines EyeMed $600k After Data Breach Investigation Finds Security Flaws 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/new-york-fines-eyemed-600k-after-data-breach-investigation-finds-security-flaws\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2022-01-26T14:35:07+00:00","og_image":[{"url":"https:\/\/cdn.scmagazine.com\/wp-content\/uploads\/2022\/01\/GettyImages-1319289050.jpg","type":"","width":"","height":""}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"6 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/new-york-fines-eyemed-600k-after-data-breach-investigation-finds-security-flaws\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/new-york-fines-eyemed-600k-after-data-breach-investigation-finds-security-flaws\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"New York Fines EyeMed $600k After Data Breach Investigation Finds Security Flaws","datePublished":"2022-01-26T14:35:07+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/new-york-fines-eyemed-600k-after-data-breach-investigation-finds-security-flaws\/"},"wordCount":1224,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/new-york-fines-eyemed-600k-after-data-breach-investigation-finds-security-flaws\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2022\/01\/new-york-fines-eyemed-600k-after-data-breach-investigation-finds-security-flaws.jpg","keywords":["headline,hacker,government,privacy,usa,data loss"],"articleSection":["CyberSecurity Blogs"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/new-york-fines-eyemed-600k-after-data-breach-investigation-finds-security-flaws\/","url":"https:\/\/www.threatshub.org\/blog\/new-york-fines-eyemed-600k-after-data-breach-investigation-finds-security-flaws\/","name":"New York Fines EyeMed $600k After Data Breach Investigation Finds Security Flaws 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/new-york-fines-eyemed-600k-after-data-breach-investigation-finds-security-flaws\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/new-york-fines-eyemed-600k-after-data-breach-investigation-finds-security-flaws\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2022\/01\/new-york-fines-eyemed-600k-after-data-breach-investigation-finds-security-flaws.jpg","datePublished":"2022-01-26T14:35:07+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/new-york-fines-eyemed-600k-after-data-breach-investigation-finds-security-flaws\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/new-york-fines-eyemed-600k-after-data-breach-investigation-finds-security-flaws\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/new-york-fines-eyemed-600k-after-data-breach-investigation-finds-security-flaws\/#primaryimage","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2022\/01\/new-york-fines-eyemed-600k-after-data-breach-investigation-finds-security-flaws.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2022\/01\/new-york-fines-eyemed-600k-after-data-breach-investigation-finds-security-flaws.jpg","width":1024,"height":683},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/new-york-fines-eyemed-600k-after-data-breach-investigation-finds-security-flaws\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"headline,hacker,government,privacy,usa,data loss","item":"https:\/\/www.threatshub.org\/blog\/tag\/headlinehackergovernmentprivacyusadata-loss\/"},{"@type":"ListItem","position":3,"name":"New York Fines EyeMed $600k After Data Breach Investigation Finds Security Flaws"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/45003","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=45003"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/45003\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media\/45004"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=45003"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=45003"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=45003"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}