At nearly $7M, Premera Blue Cross agrees to pay 2nd largest HIPAA fine in OCR history

Premera Blue Cross agreed to pay HHS’ Office for Civil Rights $6.85 million to settle potential violations related to a HIPAA breach that affected more than 10.4 million people.

Five things to know:

1. The settlement is the second largest payment to resolve a HIPAA investigation in OCR’s history, according to the Sept. 25 news release.

2. The Mountlake Terrace, Wash.-based health insurer reported the security breach in March 2015 to HHS on behalf of itself and network affiliates. According to the report, cyberattackers used a phishing email to install malware that gave them unauthorized access to PBC’s IT system in May 2014.

3. The cyberattack went undetected for nearly nine months, until January 2015, resulting in the exposure of more than 10.4 million individuals’ protected health information, including their names, Social Security numbers and bank account information.

4. OCR’s investigation discovered systemic noncompliance with the HIPAA rules including failing to conduct an enterprise-wide risk analysis and failures to implement risk management and audit controls.

5. In addition to the financial settlement, PBC will also implement a corrective action plan that includes two years of monitoring.



© Copyright ASC COMMUNICATIONS 2020. Interested in LINKING to or REPRINTING this content? View our policies by clicking here.