Anthem Mega-Breach: Record $16 Million HIPAA Settlement

The Department of Health and Human Services’ Office for Civil Rights says Anthem agreed to take “substantial corrective action” to settle potential HIPAA privacy and security rules violations after a series of cyberattacks led to the largest U.S. health data breach, exposing electronic protected health information.”The largest health data breach in U.S. history fully merits the largest HIPAA settlement in history,” says OCR Director Roger Severino.”Unfortunately, Anthem failed to implement appropriate measures for detecting hackers who had gained access to their system to harvest passwords and steal people’s private information. We know that large healthcare entities are attractive targets for hackers, which is why they are expected to have strong password policies and to monitor and respond to security incidents in a timely fashion or risk enforcement by OCR.”