Anthem pays OCR $16 million in HIPAA settlement 

Oct 16, 2018 - 02:26 PM
Anthem

The Department of Health and Human Services’ Officer for Civil Rights yesterday announced that Anthem has agreed to pay $16 million and take corrective action to settle potential violations of the Health Insurance Portability and Accountability Act after a series of cyberattacks led to the largest U.S. health data breach in history and exposed the electronic protected health information of nearly 79 million people. 

“Unfortunately, Anthem failed to implement appropriate measures for detecting hackers who had gained access to their system to harvest passwords and steal people’s private information,” said OCR Director Roger Severino. 

In addition to the impermissible disclosure of ePHI, OCR’s investigation revealed that Anthem failed to conduct an enterprise-wide risk analysis; had insufficient procedures to regularly review information system activity; failed to identify and respond to suspected or known security incidents; and failed to implement adequate minimum access controls to prevent the cyber-attackers from accessing sensitive ePHI, beginning as early as February 2014.
 

Related News Articles

Headline
CMS warns of phishing fax scheme; AHA monitoring other reported social engineering schemes 
The Centers for Medicare & Medicaid Services today announced it has identified a fraud scheme targeting Medicare providers and suppliers. CMS said scammers…
Headline
HHS announces initiative with insurers to streamline prior authorizations 
The Department of Health and Human Services June 23 announced an initiative coordinated with multiple health insurance companies to streamline prior…
Headline
CMS adds two new No Surprises Act IDR entities
The departments of Health and Human Services, Labor, and the Treasury have certified two more independent dispute resolution entities, bringing the total…
Headline
Agencies issue advisory on updated tactics by Play ransomware group
The FBI, Cybersecurity and Infrastructure Security Agency and Australian Cyber Security Centre June 4 released an advisory on updated actions and tactics used…
Headline
Agencies release guidance on AI data security 
The National Security Agency, Cybersecurity and Infrastructure Security Agency and international partners May 22 released guidance on securing data used for…
Headline
Russian state-sponsored cyber actors targeting tech companies, others 
The FBI, along with the National Security Agency and other international cybersecurity agencies, this week released a joint agency advisory on cyber operations…