Anthem pays OCR $16 million in HIPAA settlement 

Oct 16, 2018 - 02:26 PM
Anthem

The Department of Health and Human Services’ Officer for Civil Rights yesterday announced that Anthem has agreed to pay $16 million and take corrective action to settle potential violations of the Health Insurance Portability and Accountability Act after a series of cyberattacks led to the largest U.S. health data breach in history and exposed the electronic protected health information of nearly 79 million people. 

“Unfortunately, Anthem failed to implement appropriate measures for detecting hackers who had gained access to their system to harvest passwords and steal people’s private information,” said OCR Director Roger Severino. 

In addition to the impermissible disclosure of ePHI, OCR’s investigation revealed that Anthem failed to conduct an enterprise-wide risk analysis; had insufficient procedures to regularly review information system activity; failed to identify and respond to suspected or known security incidents; and failed to implement adequate minimum access controls to prevent the cyber-attackers from accessing sensitive ePHI, beginning as early as February 2014.
 

Related News Articles

Headline
CMS announces changes to AHEAD Model for states
The Centers for Medicare & Medicaid Services Innovation Center Sept. 2 announced changes to the Achieving Healthcare Efficiency through Accountable Design…
Headline
Advisory warns of activity by Chinese state-sponsored cyber actors
Chinese state-sponsored cyber actors are maliciously targeting networks globally, including telecommunications, government and others, according to a joint…
Headline
FBI warns Russian cybercriminals attacking devices using Cisco software with unpatched vulnerability
The FBI Aug. 20 released an advisory warning of malicious activity by Russian cyber actors targeting end-of-life devices running an unpatched vulnerability in…
Headline
Analysis projects increases in state uninsured rates following passage of budget reconciliation bill
A KFF analysis published Aug. 20 provides a state-by-state allocation of Congressional Budget Office estimates that 10 million people could be uninsured by…
Headline
Guidance offers steps to create, maintain operational technology asset inventory for protection
The Cybersecurity and Infrastructure Security Agency, Environmental Protection Agency, National Security Agency, FBI and international agencies Aug. 13…
Headline
DOJ announces disruption of BlackSuit ransomware group 
The Department of Justice Aug. 11 announced a series of actions taken against the BlackSuit ransomware group, also known as “Royal,” including the disruption…