Tuesday, October 16, 2018

Anthem to Pay Record $16 Million for HIPAA Violations Exposing 79 Million Patient Records

Anthem logo.png
Anthem has agreed to a fine by the Department of Health and Human Services that is the largest fine ever paid for exposing patient Protected Health Information.  The fine is 16 million dollars.
The company states it is unaware of any illegal action that has happened due to the breach, but that might be difficult to prove.  The company is the second largest health insurer in the United States and currently insures 40 million people as well as selling individual and employer coverage in places such as California and New York.
The payment is in lieu of any and all civil penalties that the Department of Health and Human Services might have imposed.
The sad and embarrassing part of this story is that the breach was facilitated by a spear-phishing attack that convinced Anthem employees to divulge usernames and passwords.  Having that information then allowed the bad guys to eventually get System Administrator privileges.  This, in turn, let them run rampant through the system.
The data breach was discovered in 2015 which always makes you wonder who else has had a breach we have yet to learn about…

1 comment: