Anthem to pay $16 million settlement for health data breach

Health insurance provider Anthem will pay a record $16 million to the HHS Office for Civil Rights (OCR) after a data breach exposed the protected health information of nearly 79 million people.

The record-breaking settlement agreement with the health insurance company was announced by OCR on Monday, Oct. 15. The settlement stems from a security incident that occurred in Jan. 2015, when Anthem discovered that hackers had gained access to its IT system through an undetected, continuous and targeted cyberattack.

Hackers were able to infiltrate the company’s system through phishing emails sent to an Anthem subsidiary. An investigation of the incident revealed that between Dec. 2014 and Jan. 2015, hackers stole the electronic protected health information of nearly 79 million people. The stolen information included names, Social Security numbers, medical identification numbers, addresses, dates of birth, email addresses and employment information.

The OCR said Anthem failed to implement appropriate measures for detecting hackers. The office also said the company “failed to conduct an enterprise-wide risk analysis, had insufficient procedures to regularly review information system activity, failed to identify and respond to suspected or known security incidents, and failed to implement adequate minimum access controls to prevent the cyber-attackers from accessing sensitive ePHI, beginning as early as February 18, 2014.”

In addition to the $16 million payment, Anthem will also have to develop a corrective action plan to comply with HIPAA Privacy and Security Rules.

“We know that large healthcare entities are attractive targets for hackers, which is why they are expected to have strong password policies and to monitor and respond to security incidents in a timely fashion or risk enforcement by OCR,” OCR Director Roger Severino said in a statement.

Danielle covers Clinical Innovation & Technology as a senior news writer for TriMed Media. Previously, she worked as a news reporter in northeast Missouri and earned a journalism degree from the University of Illinois at Urbana-Champaign. She's also a huge fan of the Chicago Cubs, Bears and Bulls. 
