Following a 2021 phishing incident that compromised the data of over 89,000 individuals with Healthplex dental insurance, multiple settlements have occurred, including a $2 million penalty announced in August 2025 by New York's Financial Services Department. This case highlighted Healthplex's lack of multi-factor authentication and inadequate data retention policies, leading to substantial breaches of sensitive health information. Healthplex has committed to hiring an independent auditor to assess its cybersecurity controls as part of the settlement, with the New York Attorney General previously announcing a $400,000 settlement linked to the same incident.
"Health insurance providers are entrusted with highly sensitive personal information and health data of policyholders. The Department's nation-leading cybersecurity regulation requires insurers and other regulated entities to maintain and implement robust cybersecurity policies, so the private information New Yorkers entrust to them is protected."
"Healthplex's failure to adhere to these rules resulted in the exposure of the sensitive data of tens of thousands of consumers. As part of the settlement, Healthplex has agreed to hire an independent auditor to examine the adequacy of Healthplex's multi-factor authentication (MFA) controls."
Collection
[
|
...
]