Dental Insurer Pays Hefty Fine for Data Breach
Healthplex, a dental insurance provider based in Uniondale, New York, has reached an agreement with the New York Attorney General’s office to pay $400,000 following a 2021 data breach. The breach, attributed to inadequate data security practices, exposed the personal information of 89,955 individuals, including 63,922 New York residents. The incident occurred when a Healthplex employee fell victim to a phishing email, granting a hacker access to the employee’s account with more than 12 years of emails. Some of which contained sensitive customer enrollment data, such as names, member identification numbers, insurance group details, addresses, dates of birth, credit card numbers, banking information, Social Security numbers, and member portal usernames and passwords. In response to the agreement, Healthplex will pay a $400,000 penalty and implement measures to enhance cybersecurity practices, including maintaining a comprehensive information security program, encrypting all personal information, establishing email retention schedules, enforcing strong password policies, implementing multifactor authentication, and conducting regular penetration testing to identify and address security vulnerabilities. Click here to read more.