trending Market Intelligence /marketintelligence/en/news-insights/trending/berwmbneloq_hzwruvkaiq2 content esgSubNav
In This List

Anthem agrees to $16M settlement over cyberattacks

Blog

The Big Picture 2022 Insurance Industry Outlook

Podcast

Next in Tech | Episode 37: Insurance impacts on technology and vice versa

Case Study

A Prestigious Global Business School Gains a Competitive Edge

Video

S&P Capital IQ Pro | Unrivaled Sector Coverage


Anthem agrees to $16M settlement over cyberattacks

Anthem Inc. has agreed to pay $16 million to the U.S. Department of Health and Human Services in connection to a series of cyberattacks that affected electronic protected health information it maintained for affiliated health plans and other covered entity health plans.

An investigation by the department's Office for Civil Rights found that between Dec. 2, 2014, and Jan. 27, 2015, cyberattackers stole electronic protected health information of almost 79 million individuals, including names, Social Security numbers, medical identification numbers, addresses, dates of birth, email addresses and employment information.

The investigation revealed that Anthem failed to conduct an enterprise-wide risk analysis, had insufficient procedures to regularly review information system activity, failed to identify and respond to suspected or known security incidents and failed to implement adequate minimum access controls to prevent cyberattackers from accessing sensitive electronic protected health information, beginning as early as Feb. 18, 2014.

To settle potential violations related to the attacks, Anthem has also agreed to undertake a corrective action plan to comply with the Health Insurance Portability and Accountability Act's privacy and security rules.