Anthem pays OCR $16 million in HIPAA settlement 

Oct 16, 2018 - 02:26 PM
Anthem

The Department of Health and Human Services’ Officer for Civil Rights yesterday announced that Anthem has agreed to pay $16 million and take corrective action to settle potential violations of the Health Insurance Portability and Accountability Act after a series of cyberattacks led to the largest U.S. health data breach in history and exposed the electronic protected health information of nearly 79 million people. 

“Unfortunately, Anthem failed to implement appropriate measures for detecting hackers who had gained access to their system to harvest passwords and steal people’s private information,” said OCR Director Roger Severino. 

In addition to the impermissible disclosure of ePHI, OCR’s investigation revealed that Anthem failed to conduct an enterprise-wide risk analysis; had insufficient procedures to regularly review information system activity; failed to identify and respond to suspected or known security incidents; and failed to implement adequate minimum access controls to prevent the cyber-attackers from accessing sensitive ePHI, beginning as early as February 2014.
 

Related News Articles

Headline
Amicus brief seeks to provide relief from Aetna’s ‘level of severity’ policy
The AHA filed an amicus brief June 5 in the U.S. District Court for the Eastern District of Pennsylvania in support of a provider seeking to obtain…
Headline
CMS releases updated report on complaint data, enforcement efforts 
The Centers for Medicare & Medicaid Services has released an updated report on complaint data and enforcement of health insurance market reforms. CMS said…
Headline
Survey finds 1 in 5 privately insured adults reported coverage denials for doctor-recommended care
A survey released June 4 by the Commonwealth Fund on insurance coverage denials found that 1 in 5 privately insured U.S. adults reported that they or a family…
Headline
Alert warns of cyber campaign by Chinese military intelligence to obtain classified or privileged information
The FBI and international agencies have released an alert on Chinese military intelligence services using professional networking sites and online job…
Headline
White House issues executive order on cybersecurity for AI
The White House issued an executive order June 2 on cybersecurity efforts regarding artificial intelligence. The order instructs federal…
Headline
Guide issued for healthcare organizations on cyber governance frameworks for secure AI implementation 
The Health Sector Coordinating Council’s Cybersecurity Working Group has released a guide to help healthcare organizations establish cyber governance…