Anthem has been hit with a $16 million fine from the federal government as part of a settlement from its massive January 2015 breach, according to HealthData Management.
That incident was a result of a cyberattack that enabled hackers to access the electronic protected health information of nearly 79 million individuals. Anthem reported that the attackers gained access to data that included patient names, Social Security numbers, member identification numbers, addresses, dates of birth, email addresses and employment information.
According to an article by Joseph Goedert, the fine was announced Oct. 15 by the Office for Civil Rights of the Department of Health and Human Services, which typically enforces violations of HIPAA laws. The monetary penalty against the health insurer is nearly three times the size of what had been the previous record fine by OCR, which was a $5.55 million penalty for Advocate Health Care Network in 2016.
In a release from the Office for Civil Rights, Director Roger Severino said the largest breach in U.S. history fully merited the largest HIPAA settlement, which includes the fine and a substantial corrective action plan.
“We know that large healthcare entities are attractive targets for hackers, which is why they are expected to have strong password policies and to monitor and respond to security incidents in a timely fashion or risk enforcement by OCR,” Serverino said in the HealthData Management article.
The resolution agreement and corrective action plan for Anthem is available here. VTN