Healthcare provider pays $4.5m penalty for lax data policies and risk assessment

Nine staff sharing one email account among glaring errors in company systems.

A data breach that exposed the records of over two million clients of Ohio-based healthcare provider EyeMed Vision Care has led to penalties totalling $4.5m for the company. The case highlights the dangers of poor risk assessments and, particularly, failure to use multi-factor authentication (MFA).

EyeMed’s systems were breached when