At nearly $7M, Premera Blue Cross agrees to pay 2nd largest HIPAA fine in OCR history

Premera Blue Cross agreed to pay HHS' Office for Civil Rights $6.85 million to settle potential violations related to a HIPAA breach that affected more than 10.4 million people.

Five things to know:

1. The settlement is the second largest payment to resolve a HIPAA investigation in OCR's history, according to the Sept. 25 news release.

2. The Mountlake Terrace, Wash.-based health insurer reported the security breach in March 2015 to HHS on behalf of itself and network affiliates. According to the report, cyberattackers used a phishing email to install malware that gave them unauthorized access to PBC's IT system in May 2014.

3. The cyberattack went undetected for nearly nine months, until January 2015, resulting in the exposure of more than 10.4 million individuals' protected health information, including their names, Social Security numbers and bank account information.

4. OCR's investigation discovered systemic noncompliance with the HIPAA rules, including failure to conduct an enterprise-wide risk analysis and failures to implement risk management and audit controls.

5. In addition to the financial settlement, PBC will implement a corrective action plan that includes two years of monitoring.

