In 2015, Anthem, Inc. was subject to the largest U.S. health data breach in history, exposing the protected health information (PHI) of nearly 79 million people. The cyber-attackers accessed Anthem’s system through “spear phishing emails” after an employee of a subsidiary responded to such an email, opening the door to the attacks.
On October 16, 2018, the U.S. Department of Health & Human Services issued a press release announcing that Anthem, Inc. agreed to pay $16 million to the U.S. Department of Health and Human Services, Office for Civil Rights (OCR) and take “substantial corrective action” to settle the potential violations of the Health Insurance Portability and Accountability Act (HIPAA) Privacy and Security Rules resulting from these cyber-attacks.
You can view a copy of the press release here:
If your company would like guidance on how it can prevent HIPAA violations from occurring, please contact our firm.
Danielle Dietrich is a healthcare and litigation attorney in Tucker Arensberg’s Long Term Care Practice Group. She is licensed to practice law in Pennsylvania, Ohio and West Virginia. Danielle can be reached via email: ddietrich@tuckerlaw.com, telephone: 412-594-5605 or on Twitter at @DLDietrich.