Insurer Anthem will pay record $16M for massive data breach

Posted: Oct 15, 2018 6:48 PM

WASHINGTON (AP) — The nation’s second-largest health insurer has agreed to pay the government a record $16 million to settle potential privacy violations in the biggest known health care hack in U.S. history, officials said Monday.

The personal information of nearly 79 million people — including names, birthdates, Social Security numbers and medical IDs — was exposed in the cyberattack, discovered by the company in 2015.

The settlement between Anthem Inc. and the Department of Health and Human Services represents the largest amount collected by the agency in a health care data breach, officials said.

“When you have large breaches it erodes people’s confidence in the privacy of their sensitive information, and we believe such a large breach of trust merits a substantial payment,” said Roger Severino, director of the HHS Office for Civil Rights. The office also enforces the federal health care privacy law known as HIPAA, or the Health Insurance Portability and Accountability Act.

Severino said the Anthem settlement is nearly three times larger than the previous record amount paid to the government in a privacy case. That sends a message to the industry that “hackers are out there always and large health care entities in particular are targets,” he added.

The Blue Cross-Blue Shield insurer also agreed to a corrective action plan under government monitoring, which involves a process for the company to assess its electronic security risks, take appropriate countermeasures and maintain ongoing surveillance.

Indianapolis-based Anthem covers more than 40 million people and sells individual and employer coverage in key markets like New York and California. The payment is in lieu of civil penalties that HHS may have imposed. Anthem admitted no liability. The civil case involving privacy laws is separate from any other investigation the government may be pursuing.

In a statement Monday, Anthem said it’s not aware of any fraud or identity theft stemming from the breach. The company provided credit monitoring and identity theft insurance to all customers potentially affected.

“Anthem takes the security of its data and the personal information of consumers very seriously,” the statement said. “We have cooperated with (the government) throughout their review and have now reached a mutually acceptable resolution.”

The company discovered the data breach in early 2015, but hackers had been burrowing into its systems for weeks. Security experts said at the time that the size and scope of the attack indicated potential involvement by a foreign government.

Hackers used a common email technique called spear-phishing in which unwitting company insiders are tricked into revealing usernames and passwords. The Anthem attackers gained the credentials of system administrators, allowing them to probe deeply into the insurer’s systems.

HHS said its investigation found that Anthem had failed to deploy adequate measures for countering hackers. The company lacked an enterprisewide risk analysis, had insufficient procedures to monitor activity on its systems, failed to identify and respond to suspected or known security incidents, and did not implement “adequate minimum access controls” to shut down intrusions from as early as February 2014.
