At nearly $7M, Premera Blue Cross agrees to pay 2nd largest HIPAA fine in OCR history

Five things to understand:

Jackie Drees – Friday, September 25th, 2020

Premera Blue Cross agreed to pay the HHS Office for Civil Rights $6.85 million to settle potential violations related to a HIPAA breach that affected more than 10.4 million individuals.

1. The settlement is the second-largest payment to resolve a HIPAA investigation in OCR's history, according to the Sept. 25 press release.

2. The Mountlake Terrace, Wash.-based health insurance company reported the security breach to HHS in March 2015 on behalf of itself and network affiliates. According to the report, cyberattackers used a phishing email to install malware that gave them unauthorized access to PBC's IT system in May 2014.

3. The cyberattack went undetected for nearly nine months, until January 2015, leading to the exposure of more than 10.4 million individuals' protected health information, including their names, Social Security numbers and checking account details.

4. OCR's investigation found systemic noncompliance with the HIPAA rules, including failure to conduct an enterprise-wide risk analysis and failures to implement risk management and audit controls.

5. In addition to the financial settlement, PBC will also implement a corrective action plan that includes two years of monitoring.

© Copyright ASC COMMUNICATIONS 2020.
