Anthem pays OCR $16 million in HIPAA settlement 

Oct 16, 2018 - 02:26 PM
Anthem

The Department of Health and Human Services’ Officer for Civil Rights yesterday announced that Anthem has agreed to pay $16 million and take corrective action to settle potential violations of the Health Insurance Portability and Accountability Act after a series of cyberattacks led to the largest U.S. health data breach in history and exposed the electronic protected health information of nearly 79 million people. 

“Unfortunately, Anthem failed to implement appropriate measures for detecting hackers who had gained access to their system to harvest passwords and steal people’s private information,” said OCR Director Roger Severino. 

In addition to the impermissible disclosure of ePHI, OCR’s investigation revealed that Anthem failed to conduct an enterprise-wide risk analysis; had insufficient procedures to regularly review information system activity; failed to identify and respond to suspected or known security incidents; and failed to implement adequate minimum access controls to prevent the cyber-attackers from accessing sensitive ePHI, beginning as early as February 2014.
 

Related News Articles

Headline
Survey finds prior authorization viewed as greatest hurdle in navigating health care
A KFF survey published today found that people view prior authorization as the biggest challenge beyond costs when navigating the health care system. In terms…
Headline
FBI launches campaign to protect hospitals, other critical infrastructure against cyberattacks
The FBI has launched a two-month campaign, Operation Winter SHIELD (Securing Homeland Infrastructure by Enhancing Layered Defense), highlighting 10 actions…
Headline
Analysis: MA insurers made 53 million prior authorization determinations in 2024
A KFF analysis released Jan. 28 found that Medicare Advantage insurers made nearly 53 million prior authorization determinations in 2024, an increase…
Headline
Guides offer strategies on preparing for public health emergencies, cybersecurity incidents 
Two AHA guides offer strategies for hospitals and health systems in preparing for public health emergencies and disasters and managing cybersecurity incidents…
Headline
White paper explains use of mock claims for advanced explanation of benefits 
The AHA Jan. 26 released a white paper on addressing challenges in implementing an advanced explanation of benefits, which requires coordination among multiple…
Headline
Commercial health insurer CEOs testify on health care affordability; AHA submits statements for House hearings
The House Energy and Commerce Subcommittee on Health and Ways and Means Committee Jan. 22 hosted hearings on health care affordability that included…