Updated: Jun 14
EyeMed settled allegations that it failed to protect health data following a breach. The Attorneys General alleged that EyeMed violated HIPAA and state-level consumer protection laws.
An EyeMed email attack resulted in more than two million people's medical information being compromised. As a result, EyeMed is paying $2.5 million to Oregon, New Jersey, Pennsylvania and Florida, and will implement new security controls to better protect its information.
As we've posted before, state Attorney General offices are one of three main accountability methods that can quickly drain any protections offered by liability insurance. We speculate that not only will EyeMed receive civil suits from consumers, but that the Office for Civil Rights may also elect to investigate. Whether or not either of these other two actions results in corrective action plans or settlements, litigating such cases is expensive.
While few companies can stave off a dedicated criminal, all companies can comply with HIPAA and other state laws to protect information. Compliance and security, when demonstrated, can potentially affect the success of litigation and reduce the amounts or actions plaintiffs seek. Contact us if you've let your HIPAA program lag and need a little help getting it back on track. Click the graphic below to read the AG / EyeMed settlement.
Stay (HIPAA) safe, Alan