Anthem pays OCR $16 million in HIPAA settlement 

Oct 16, 2018 - 02:26 PM
Anthem

The Department of Health and Human Services’ Officer for Civil Rights yesterday announced that Anthem has agreed to pay $16 million and take corrective action to settle potential violations of the Health Insurance Portability and Accountability Act after a series of cyberattacks led to the largest U.S. health data breach in history and exposed the electronic protected health information of nearly 79 million people. 

“Unfortunately, Anthem failed to implement appropriate measures for detecting hackers who had gained access to their system to harvest passwords and steal people’s private information,” said OCR Director Roger Severino. 

In addition to the impermissible disclosure of ePHI, OCR’s investigation revealed that Anthem failed to conduct an enterprise-wide risk analysis; had insufficient procedures to regularly review information system activity; failed to identify and respond to suspected or known security incidents; and failed to implement adequate minimum access controls to prevent the cyber-attackers from accessing sensitive ePHI, beginning as early as February 2014.
 

Related News Articles

Headline
Blog details why Anthem policy limits access to care
A blog by Noah Isserman, AHA director of health insurance and coverage policy, explains why Anthem’s nonparticipating provider policy limits patients’ …
Blog
Prioritize Protecting Patients' Timely Access to Care, Not Padding Insurer Margins
Public
Patients are best served when insurers act as transparent and reasonable partners, not when they invoke patient protection laws to justify payment strategies…
Headline
AHA pushes back on Families USA report
The AHA shared the following statement with the media in response to a report released May 7 by Families USA.   “This report is long on rhetoric and…
Headline
Microsoft warns of sophisticated phishing campaign heavily targeting health care organizations
Microsoft Threat Intelligence is warning of a large scale, multistage phishing campaign that disproportionately targeted the health care sector, sending “code…
Headline
CISA announces initiative to bolster critical infrastructure against nation-state cyberattacks
The Cybersecurity and Infrastructure Security Agency has launched a new initiative for critical infrastructure to defend against cyberattacks through proactive…
Headline
Webinar to explore AI use in cybersecurity, health care technology 
John Riggi, AHA national advisor for cybersecurity and risk, will moderate a webinar May 5 at 1 p.m. ET that will explore how bad actors are leveraging…