The Department of Health and Human Services’ Office for Civil Rights yesterday announced that Anthem has agreed to pay $16 million and take corrective action to settle potential violations of the Health Insurance Portability and Accountability Act after a series of cyberattacks led to the largest U.S. health data breach in history and exposed the electronic protected health information of nearly 79 million people.

“Unfortunately, Anthem failed to implement appropriate measures for detecting hackers who had gained access to their system to harvest passwords and steal people’s private information,” said OCR Director Roger Severino. 

In addition to the impermissible disclosure of ePHI, OCR’s investigation revealed that Anthem failed to conduct an enterprise-wide risk analysis; had insufficient procedures to regularly review information system activity; failed to identify and respond to suspected or known security incidents; and failed to implement adequate minimum access controls to prevent the cyber-attackers from accessing sensitive ePHI, beginning as early as February 2014.
 
