Anthem pays OCR $16 million in HIPAA settlement 

Oct 16, 2018 - 02:26 PM
Anthem

The Department of Health and Human Services’ Officer for Civil Rights yesterday announced that Anthem has agreed to pay $16 million and take corrective action to settle potential violations of the Health Insurance Portability and Accountability Act after a series of cyberattacks led to the largest U.S. health data breach in history and exposed the electronic protected health information of nearly 79 million people. 

“Unfortunately, Anthem failed to implement appropriate measures for detecting hackers who had gained access to their system to harvest passwords and steal people’s private information,” said OCR Director Roger Severino. 

In addition to the impermissible disclosure of ePHI, OCR’s investigation revealed that Anthem failed to conduct an enterprise-wide risk analysis; had insufficient procedures to regularly review information system activity; failed to identify and respond to suspected or known security incidents; and failed to implement adequate minimum access controls to prevent the cyber-attackers from accessing sensitive ePHI, beginning as early as February 2014.
 

Related News Articles

Headline
July 17 webinar to review health care cyber threats, security practices
The AHA and the Department of Homeland Security July 17 at 1 p.m. ET will host a webinar discussing current cybersecurity threats to the health care sector.
Headline
July 17 webinar on cyber threats to the health care sector
The AHA and the Department of Homeland Security July 17 at 1 p.m. ET will host a webinar discussing current cybersecurity threats to the health care sector.
Headline
FDA: Certain Medtronic insulin pumps recalled due to cybersecurity risk
Medtronic has recalled certain MiniMed insulin pumps due to cybersecurity risks, and will provide alternative pumps to the estimated 4,000 U.S. patients using…
Headline
Microsoft alerts public to cyber vulnerability in older versions of Windows
Last week, Microsoft released security updates to fix a critical vulnerability in older versions of its Windows operating system.
Headline
President signs executive order to strengthen the cybersecurity workforce
President Trump yesterday signed an executive order to help strengthen the nation’s cybersecurity workforce.
Headline
AHA provides input to senator on reducing health care cyber vulnerabilities
In a letter today to Sen. Mark Warner, D-Va., AHA responds to a recent request from the senator for input regarding cybersecurity in the health care sector.