Anthem pays OCR $16 million in HIPAA settlement 

Oct 16, 2018 - 02:26 PM
Scale

The Department of Health and Human Services’ Officer for Civil Rights yesterday announced that Anthem has agreed to pay $16 million and take corrective action to settle potential violations of the Health Insurance Portability and Accountability Act after a series of cyberattacks led to the largest U.S. health data breach in history and exposed the electronic protected health information of nearly 79 million people. 

“Unfortunately, Anthem failed to implement appropriate measures for detecting hackers who had gained access to their system to harvest passwords and steal people’s private information,” said OCR Director Roger Severino. 

In addition to the impermissible disclosure of ePHI, OCR’s investigation revealed that Anthem failed to conduct an enterprise-wide risk analysis; had insufficient procedures to regularly review information system activity; failed to identify and respond to suspected or known security incidents; and failed to implement adequate minimum access controls to prevent the cyber-attackers from accessing sensitive ePHI, beginning as early as February 2014.
 

Related News Articles

Headline
Center releases resources to protect against foreign intelligence threats
The National Counterintelligence and Security Center this week released resources to help the private sector protect American innovation and computer networks…
Headline
HHS task group releases health care cybersecurity guidelines
A Department of Health and Human Services task group recently released cybersecurity guidelines for the health care field, as mandated by the Cybersecurity Act…
Headline
HIPAA settlement highlights need to protect PHI access when staff leave
A settlement agreement with Pagosa Springs (Colo.) Medical Center that the Department of Health and Human Services’ Office for Civil Rights announced this week…
Headline
Committee highlights priorities to address cybersecurity challenges
Republicans on the House Energy and Commerce Committee Friday released a report summarizing initial efforts by its Oversight and Investigations Subcommittee to…
Headline
Iranian men charged with SamSam ransomware attacks
A federal grand jury yesterday charged two Iranian men with developing and deploying the SamSam
Headline
OIG: FDA should address postmarket cybersecurity risk to medical devices
The Food and Drug Administration’s policies and procedures were insufficient for handling postmarket medical device cybersecurity events, and the agency has…