The Department of Health and Human Services’ Office for Civil Rights yesterday announced that Anthem has agreed to pay $16 million and take corrective action to settle potential violations of the Health Insurance Portability and Accountability Act after a series of cyberattacks led to the largest U.S. health data breach in history and exposed the electronic protected health information of nearly 79 million people.

“Unfortunately, Anthem failed to implement appropriate measures for detecting hackers who had gained access to their system to harvest passwords and steal people’s private information,” said OCR Director Roger Severino. 

In addition to the impermissible disclosure of ePHI, OCR’s investigation revealed that Anthem failed to conduct an enterprise-wide risk analysis; had insufficient procedures to regularly review information system activity; failed to identify and respond to suspected or known security incidents; and failed to implement adequate minimum access controls to prevent the cyber-attackers from accessing sensitive ePHI, beginning as early as February 2014.
 
