Anthem to pay record-breaking $16 million settlement for health data breach

Anthem, Inc. will pay a record $16 million to the Department of Health and Human Services (HHS) Office for Civil Rights (OCR) after a data breach exposed the electronic protected health information of nearly 79 million people.

The record-breaking settlement agreement with the health insurance company was announced by OCR on Monday, Oct. 15. The settlement stems from a security incident that occurred in Jan. 2015, when Anthem discovered that hackers had gained access to its IT system through an undetected, continuous and targeted cyber attack.

Hackers were able to infiltrate the company’s system through phishing emails sent to an Anthem subsidiary. An investigation of the incident revealed that between Dec. 2014 and Jan. 2015 hackers stole the electronic protected health information of nearly 79 million people. The stolen information included names, Social Security numbers, medical identification numbers, addresses, dates of birth, email addresses and employment information.

The OCR said Anthem failed to implement appropriate measures for detecting hackers. The office also said the company “failed to conduct an enterprise-wide risk analysis, had insufficient procedures to regularly review information system activity, failed to identify and respond to suspected or known security incidents, and failed to implement adequate minimum access controls to prevent the cyber-attackers from accessing sensitive ePHI, beginning as early as February 18, 2014.”

In addition to the $16 million payment, Anthem will also have to develop a corrective action plan to comply with HIPAA Privacy and Security Rules.

“We know that large healthcare entities are attractive targets for hackers, which is why they are expected to have strong password policies and to monitor and respond to security incidents in a timely fashion or risk enforcement by OCR,” OCR Director Roger Severino said in a statement.

Danielle covers Clinical Innovation & Technology as a senior news writer for TriMed Media. Previously, she worked as a news reporter in northeast Missouri and earned a journalism degree from the University of Illinois at Urbana-Champaign. She's also a huge fan of the Chicago Cubs, Bears and Bulls. 
