The Anthem data breach in 2014–2015 was the largest healthcare data breach ever. But healthcare cyber security has improved since then.

The data breach of healthcare giant Anthem, which came to light a little more than four years ago, exposed about 79 million patient records. It was the biggest single compromise of healthcare data in history.

It still is, which is good news regarding the security of patient data held by healthcare organizations. No single breach since then has been worse. The Anthem data breach pushed the total number of records exposed in 2015 to 112 million, and no year since then has seen anything close.

However, the number of breaches has increased, from the 250 range to more than 350 most years. So it would be hard to label Anthem a wake-up call that changed the world of healthcare data security.

The breach of the Indianapolis-based health insurer formerly known as WellPoint (the largest for-profit company in the Blue Cross and Blue Shield Association) compromised the electronic health records of nearly 79 million patients. Data included names, Social Security numbers, medical identification numbers, addresses, dates of birth, email addresses, and employment information.

And it began the way so many breaches do: with a phishing email.

According to the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR), hackers sent phishing emails to an Anthem subsidiary. Attackers were able to plant malware on the company’s system and gain remote access to confidential information.

Investigators found that the advanced persistent threat (APT) attack began Feb. 2, 2014, and continued until it was discovered Jan. Anthem publicly acknowledged the data breach in early February. Investigators said the sophistication of the attack pointed to a nation-state.

What’s happened since then?

As recently as last fall, Anthem has said it has found no evidence of identity theft stemming from the attack.

And an investigation by the California Department of Insurance concluded that Anthem took “reasonable measures” to protect its data before the data breach and had employed a remediation plan to respond to the breach.

“The team noted Anthem’s exploitable vulnerabilities, worked with Anthem to develop a plan to address those vulnerabilities, and conducted a penetration test exercise to validate the strength of Anthem’s corrective measures,” the department said in its statement. “As a result, the team found Anthem’s improvements to its cybersecurity protocols and planned improvements were reasonable.”

But the OCR’s investigation found differently.

That investigation concluded that Anthem had failed to perform a number of security activities, including these:

- Conduct an enterprise-wide risk analysis.
- Enact sufficient procedures to review information system activity regularly.
- Identify and respond to suspected or known security incidents.
- Implement adequate minimum access controls to prevent cyber attackers from accessing sensitive patient data.

“Unfortunately, Anthem failed to implement appropriate measures for detecting hackers who had gained access to their system to harvest passwords and steal people’s private information,” said OCR Director Roger Severino.

How much did Anthem have to pay for the data breach?

Last November, Anthem agreed to pay $16 million to the OCR to settle violations of the Health Insurance Portability and Accountability Act (HIPAA) Privacy and Security Rules.