DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Attorney General James Secures $400,000 from Dental Insurance Provider for Failing to Protect Patient Data

Posted on December 12, 2023 by Dissent

Chris Boyle reports:

New York Attorney General Letitia James today secured $400,000 from one of New York’s largest dental insurance providers, Healthplex, Inc. (Healthplex), for failing to properly protect the personal and medical information of New Yorkers. Healthplex, a Long Island-based company, had inadequate data security practices that made it susceptible to a data breach attack that compromised the personal and private information of 89,955 individuals, of which 63,922 were New York residents. As a result of this agreement, Healthplex has agreed to strengthen its data security practices.

“Visiting a dentist’s office can be a stressful experience without having the added concern that personal and medical data could be stolen by bad actors,” said Attorney General James. “Insurers, like all companies charged with holding on to sensitive information, have an obligation to ensure that data is safeguarded and doesn’t fall into the wrong hands. New Yorkers can rest assured that when my office is made aware of data breaches, we will drill down and get to the root of the problem.”

In late November 2021, an unknown individual sent a phishing email to a Healthplex employee, requesting the employee to enter their login credentials. On November 24, 2021, the hacker gained access to the employee’s account which contained over 12 years of emails. Some of the exposed emails contained sensitive customer enrollment information, including names, member identification numbers, insurance group names and numbers, addresses, dates of birth, credit card numbers, banking information, Social Security numbers, and member portal usernames and passwords. The Office of the Attorney General’s investigation concluded that, by failing to implement multifactor authentication for remote email access, Healthplex failed to adopt reasonable data security practices to protect patients’ personal and health information.

Read more at LongIsland.com.

Related posts:

  • Attorney General James Secures $975,000 from Auto Insurance Company over Data Breach
  • NY Attorney General James Recovers $1.7 Million from Cryptocurrency Platform for Operating Illegally
  • Attorney General James Secures $500,000 from Auto Insurance Company Over Data Breach
  • Attorney General James Secures $450,000 from US Radiology Specialists for failing to protect patient data
Category: Health DataOf NotePhishingU.S.

Post navigation

← How cybercriminals are using Wyoming shell companies for global hacks
Russian banker of Hive ransomware network arrested in Paris →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Chinese hackers suspected in breach of powerful DC law firm
  • Qilin Emerged as The Most Active Group, Exploiting Unpatched Fortinet Vulnerabilities
  • CISA tags Citrix Bleed 2 as exploited, gives agencies a day to patch
  • McDonald’s McHire leak involving ‘123456’ admin password exposes 64 million applicant chat records
  • Qilin claims attack on Accu Reference Medical Laboratory. It wasn’t the lab’s first data breach.
  • Louis Vuitton hit by data breach in Türkiye, over 140,000 users exposed; UK customers also affected (1)
  • Infosys McCamish Systems Enters Consent Order with Vermont DFR Over Cyber Incident
  • Obligations under Canada’s data breach notification law
  • German court offers EUR 5000 compensation for data breaches caused by Meta
  • Air Force Employee Pleads Guilty to Conspiracy to Disclose Unlawfully Classified National Defense Information

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Trump Border Czar Boasts ICE Can ‘Briefly Detain’ People Based On ‘Physical Appearance’
  • DeleteMyInfo Wins 2025 Digital Privacy Excellence Award from Internet Safety Council
  • TikTok Loses First Appeal Against £12.7M ICO Fine, Faces Second Investigation by DPC
  • German court offers EUR 5000 compensation for data breaches caused by Meta
  • How to Build on Washington’s “My Health, My Data” Act
  • Department of Justice Subpoenas Doctors and Clinics Involved in Performing Transgender Medical Procedures on Children
  • Google Settles Privacy Class Action Over Period Tracking App

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.