Anthem pays OCR $16 million in HIPAA settlement 

Oct 16, 2018 - 02:26 PM
Anthem

The Department of Health and Human Services’ Officer for Civil Rights yesterday announced that Anthem has agreed to pay $16 million and take corrective action to settle potential violations of the Health Insurance Portability and Accountability Act after a series of cyberattacks led to the largest U.S. health data breach in history and exposed the electronic protected health information of nearly 79 million people. 

“Unfortunately, Anthem failed to implement appropriate measures for detecting hackers who had gained access to their system to harvest passwords and steal people’s private information,” said OCR Director Roger Severino. 

In addition to the impermissible disclosure of ePHI, OCR’s investigation revealed that Anthem failed to conduct an enterprise-wide risk analysis; had insufficient procedures to regularly review information system activity; failed to identify and respond to suspected or known security incidents; and failed to implement adequate minimum access controls to prevent the cyber-attackers from accessing sensitive ePHI, beginning as early as February 2014.
 

Related News Articles

Headline
NATO vows to defend health care sector against cyber attacks
NATO today issued a statement condemning “destabilising and malicious cyber activities directed against those whose work is critical to the response against…
Headline
Partnership releases cybersecurity crisis response guide
The Health and Public Health Sector Coordinating Council, a public-private partnership, yesterday released a crisis response guide to help health care…
Headline
Partnership issues guidance for protecting health care innovation capital
The Healthcare and Public Health Sector Coordinating Council, a public-private partnership developed to mitigate threats to the nation’s health care sector,…
Headline
FBI, CISA warn of serious nation state cyber threats, other top vulnerabilities
China and its proxies have been observed attempting to identify and illicitly obtain valuable intellectual property and public health data related to vaccines…
Headline
DHS, CISA update telework guidance
The Department of Homeland Security and the Cybersecurity and Infrastructure Security Agency have updated their telework guidance to include new guidance on…
Headline
Podcast: A conversation with the DHS about COVID-19 cyber threats
Cyber actors have launched phishing campaigns against first responders, initiated denial-of-service assaults against government agencies and threatened medical…