Long Island dental insurer to pay $400,000 penalty after 2021 data breach
State Attorney General Letitia James announced Monday that Healthplex Inc., will pay a penalty and strengthen its cybersecurity practices. Credit: Newsday/J. Conrad Williams Jr.
A Long Island-based dental insurance provider has agreed to pay a $400,000 penalty after a 2021 data breach compromised the personal and private information of almost 90,000 individuals, more than 60,000 of them New York residents, the office of state Attorney General Letitia James announced Monday.
As a result of the agreement, James said not only will the provider, Healthplex Inc., headquartered at The Omni Building in Uniondale, pay the penalty, it also will “adopt a series of procedures” designed to strengthen its cybersecurity practices in the future.
“Visiting a dentist’s office can be a stressful experience without having the added concern that personal and medical data could be stolen by bad actors,” James said in a statement Monday, adding: “Insurers, like all companies charged with holding on to sensitive information, have an obligation to ensure that data is safeguarded and doesn’t fall into the wrong hands.”
According to authorities, the breach stemmed from a so-called “phishing email” sent to a Healthplex employee in late November 2021.
As a result of that email, James said a hacker “gained access” to the employee’s account on Nov. 24, 2021. That account contained more than 12 years of emails, some of which resulted in the exposure of “sensitive customer enrollment information,” including names, member identification numbers, insurance group names and numbers, addresses, dates of birth, credit card information, user names and passwords — and, even, Social Security numbers.
The breach compromised the private data of 89,955 individuals, 63,922 of them New York State residents, the Attorney General’s Office said.
A Healthplex company spokesperson could not be reached for comment Monday.
In addition to the penalty, James said Healthplex agreed to maintain a “comprehensive information security program” designed to protect confidentiality and private information and encrypt all personal information. It must also improve the security of its email retention, passwords and authentication procedures.
John Valenti, a reporter at Newsday since 1981, has been honored nationally by the Associated Press and Society of the Silurians for investigative, enterprise and breaking news reporting, as well as column writing, and is the author of “Swee'pea,” a book about former New York playground basketball star Lloyd Daniels. Valenti is featured in the Emmy Award-winning ESPN 30-for-30 film “Big Shot.”
'Beneath the Surface': A look at the rise in shark sightings off LI shores It seems shark sightings are dominating headlines on Long Island and researchers are on a quest to find out why more sharks are showing up in Long Island waters. NewsdayTV meteorologist Rich Von Ohlen discusses how to stay safe.
'Beneath the Surface': A look at the rise in shark sightings off LI shores It seems shark sightings are dominating headlines on Long Island and researchers are on a quest to find out why more sharks are showing up in Long Island waters. NewsdayTV meteorologist Rich Von Ohlen discusses how to stay safe.
