NYDFS CYBERSECURITY ENFORCEMENT ACTION AGAINST TTEC HEALTHCARE

NYDFS entered into another cybersecurity Consent Order, this time with TTEC Healthcare Solutions, Inc. an insurance broker.  Cybersecurity actions have become one of the agency’s most common types of enforcement actions.   This one carries a $1.9 Million penalty; some takeaways from DFS allegations include:

•    TTEC failed to implement adequate multi-factor authentication.

•    TTEC completely failed to file Part 500 Certifications of Compliance for 2018 and 2019.

•    TTEC failed to maintain its audit trail records for three years as required.

•    TTEC must engage outside consultants to conduct audits of its MFA and retention policy.

There was no press release on this matter; the Consent Order is below:  https://www.dfs.ny.gov/system/files/documents/2022/12/ea20221202_ttec_hs.pdf