Georgia-based Aveanna Healthcare must pay $425,000 after a series of phishing attacks led to a data breach, says Massachusetts Attorney General — and now governor-elect — Maura Healey in a release. Private information, “which may have included social security numbers, driver’s license numbers, financial account numbers, and health information such as diagnoses, medications, and treatment records, of more than 4,000 Massachusetts residents, including patients and employees, was potentially accessed by the hackers” after the phishing attack, Healey says. “Aveanna was aware that its cybersecurity required improvement but had not implemented new changes to improve it by the time the phishing attacks occurred,” Healey elaborates. In addition to the settlement, Aveanna “will be required to develop, implement, and maintain a security program that includes phishing protection technology, multi-factor authentication, and other systems designed to detect and address intrusions,” Healey says.