Feds Fine Eyeglass Retailer $1.5M for HIPAA Lapses in Hacks

Warby Parker was fined $1.5 million by the HHS Office for Civil Rights for HIPAA violations stemming from credential stuffing attacks that affected nearly 200,000 customers. The company was found to have failed to conduct a thorough risk analysis, implement sufficient security measures, and regularly review system activity records. Warby Parker waived its right to a hearing and did not contest the fine.