Skip to main content
Subscribe
  • Sign Up Free
  • Login
  • Subscribe
  • News
    • Current News
    • Providers
    • Insurance
    • Government
    • Finance
    • Technology
    • Safety & Quality
    • Digital Health
    • Transformation
    • ESG
    • People
    • Regional News
    • Digital Edition (Web Version)
    • Patients
    • Operations
    • Care Delivery
    • Payment
    • Midwest
    • Northeast
    • South
    • West
  • Blogs
    • AI
    • Deals
    • Layoff Tracker
    • HIMSS 2023
  • Opinion
    • Breaking Bias
    • Commentaries
    • Letters
    • From the Editor
  • Events & Awards
    • Awards
    • Conferences
    • Galas
    • Virtual Briefings
    • Webinars
    • Nominate/Eligibility
    • 100 Most Influential People
    • 50 Most Influential Clinical Executives
    • 40 Under 40
    • Best Places to Work in Healthcare
    • Excellence in Governance
    • Health Care Hall of Fame
    • Healthcare Marketing Impact Awards
    • Top Innovators
    • Diversity in Healthcare
      • - Luminaries
      • - Top 25 Diversity Leaders
      • - Leaders to Watch
    • Women in Healthcare
      • - Luminaries
      • - Top 25 Women Leaders
      • - Women to Watch
    • Digital Health Transformation Summit
    • ESG: The Implementation Imperative Summit
    • Leadership Symposium
    • Social Determinants of Health Symposium
    • Women Leaders in Healthcare Conference
    • Best Places to Work Awards Gala
    • Health Care Hall of Fame Gala
    • Top 25 Diversity Leaders Gala
    • Top 25 Women Leaders Gala
    • - Hospital of the Future
    • - Value Based Care
    • - Hospital at Home
    • - Workplace of the Future
    • - AI and Digital Health
    • - Future of Staffing
    • - Hospital of the Future (Fall)
  • Multimedia
    • Podcast - Beyond the Byline
    • Sponsored Podcast - Healthcare Insider
    • Sponsored Video Series - One on One
    • Sponsored Video Series - Checking In with Dan Peres
  • Data & Insights
    • Data & Insights Home
    • Hospital Financials
    • Staffing & Compensation
    • Quality & Safety
    • Mergers & Acquisitions
    • Data Archive
    • Resource Guide: By the Numbers
    • Surveys
    • Data Points
  • Newsletters
  • MORE+
    • Contact Us
    • Advertise
    • Media Kit
    • Jobs
    • People on the Move
    • Reprints & Licensing
MENU
Breadcrumb
  1. Home
  2. Government
October 16, 2018 12:00 AM

Anthem's $16M breach settlement reminds others to assess their cyber risks

Rachel Z. Arndt
Shelby Livingston
  • Tweet
  • Share
  • Share
  • Email
  • More
    Reprints Print
    AP

    Anthem's record-breaking data breach settlement last week put providers and insurers on notice that ignoring cybersecurity risks could come with a hefty price tag.

    The nation's second-largest insurer will pay HHS' Office for Civil Rights $16 million over a 2015 data breach that affected almost 79 million people, the largest data breach ever reported to the agency.

    "The security risk analysis is not a check-the-box activity," said Beth Pitman, counsel for law firm Waller Lansden Dortch & Davis. "It needs to be updated regularly and incorporated into the business processes of the entity."

    Before Anthem, OCR's highest fine was $5.5 million—levied against Hollywood, Fla.-based Memorial Health System in 2017 for a breach that affected more than 115,000 people.

    In Anthem's case, hackers broke into the network to steal names, birthdates, Social Security numbers, home addresses and other information of current and former members and employees.

    Anthem should have conducted an enterprise-wide risk analysis and put minimum access controls in place to prevent hackers from getting information once they were in the system, according to the OCR.

    "It's not just about all the things they didn't do—it's really a public punishment and statement on what OCR is going to do when this occurs," said Bill Fox, chief strategist for global healthcare, life sciences and insurance for Marklogic.

    Indeed, in announcing the settlement, OCR Director Robert Severino noted that a "breach of trust" calls for a large penalty.

    The action against Anthem should serve as a reminder for organizations to review their cybersecurity strategies and safeguards. Specifically, they must conduct risk assessments—a practice the OCR has long encouraged.

    Cyberdefenses are particularly important for insurers, which have considerably more records than a single hospital or even a health system.

    The class action and federal settlements haven't made a dent in Anthem's bottom line, according to equity analysts. The insurer's annual profit hit $3.8 billion in 2017. Membership grew to 40.2 million at the end of last year, up 4% from 38.6 million in 2015, signaling the breach didn't affect the ability to attract customers.

    The insurer's annual reports filed with the Securities and Exchange Commission have not detailed the full cost of the data breach.

    A multistate investigation by insurance departments found that the attack occurred when a user at one of Anthem's subsidiaries opened a phishing email with malicious content, allowing hackers to gain remote access to the computer and Anthem's data warehouse.

    The results of that investigation, released in 2017, concluded that the hacker likely worked on behalf of a foreign government; some reports have linked the attack to China.

    Anthem paid $260 million for security improvements and remedial actions in response to the breach.

    Healthcare breaches are rising, with 277 breaches through the first nine months of 2018, compared with 271 during the same period the year before. Most breaches stemmed from hacking or "IT incidents," according to the OCR.

    Letter
    to the
    Editor

    Send us a letter

    Have an opinion about this story? Click here to submit a Letter to the Editor, and we may publish it in print.

    Recommended for You
    congress prescription drugs
    PBMs, Big Pharma face off in House hearing
    Biden COVID copy_i_i.jpg
    Biden administration asks employers to help more workers who lose Medicaid
    Most Popular
    1
    Centene to lay off 2,000 workers
    2
    How health systems are battling price-gouging allegations
    3
    Senate advances bill to temporarily aid hospitals, health centers
    4
    Elevance, Blue Cross Louisiana halt $2.5B proposed deal
    5
    Tower Health to sell urgent care centers, close others
    Sponsored Content
    Modern Healthcare Alert: Sign up for this breaking news email to be kept in the loop as urgent healthcare business news unfolds.
    Get Newsletters

    Sign up for enewsletters and alerts to receive breaking news and in-depth coverage of healthcare events and trends, as they happen, right to your inbox.

    Subscribe Today
    MH Magazine Cover

    MH magazine offers content that sheds light on healthcare leaders’ complex choices and touch points—from strategy, governance, leadership development and finance to operations, clinical care, and marketing.

    Subscribe
    Connect with Us
    • LinkedIn
    • Twitter
    • Facebook
    • RSS

    Our Mission

    Modern Healthcare empowers industry leaders to succeed by providing unbiased reporting of the news, insights, analysis and data.

    Contact Us

    (877) 812-1581

    Email us

     

    Resources
    • Contact Us
    • Help Center
    • Advertise with Us
    • Ad Choices
    • Sitemap
    Editorial Dept
    • Submission Guidelines
    • Code of Ethics
    • Awards
    • About Us
    Legal
    • Terms and Conditions
    • Privacy Policy
    • Privacy Request
    Modern Healthcare
    Copyright © 1996-2023. Crain Communications, Inc. All Rights Reserved.
    • News
      • Current News
      • Providers
      • Insurance
      • Government
      • Finance
      • Technology
      • Safety & Quality
      • Digital Health
      • Transformation
        • Patients
        • Operations
        • Care Delivery
        • Payment
      • ESG
      • People
      • Regional News
        • Midwest
        • Northeast
        • South
        • West
      • Digital Edition (Web Version)
    • Blogs
      • AI
      • Deals
      • Layoff Tracker
      • HIMSS 2023
    • Opinion
      • Breaking Bias
      • Commentaries
      • Letters
      • From the Editor
    • Events & Awards
      • Awards
        • Nominate/Eligibility
        • 100 Most Influential People
        • 50 Most Influential Clinical Executives
        • 40 Under 40
        • Best Places to Work in Healthcare
        • Excellence in Governance
        • Health Care Hall of Fame
        • Healthcare Marketing Impact Awards
        • Top Innovators
        • Diversity in Healthcare
          • - Luminaries
          • - Top 25 Diversity Leaders
          • - Leaders to Watch
        • Women in Healthcare
          • - Luminaries
          • - Top 25 Women Leaders
          • - Women to Watch
      • Conferences
        • Digital Health Transformation Summit
        • ESG: The Implementation Imperative Summit
        • Leadership Symposium
        • Social Determinants of Health Symposium
        • Women Leaders in Healthcare Conference
      • Galas
        • Best Places to Work Awards Gala
        • Health Care Hall of Fame Gala
        • Top 25 Diversity Leaders Gala
        • Top 25 Women Leaders Gala
      • Virtual Briefings
        • - Hospital of the Future
        • - Value Based Care
        • - Hospital at Home
        • - Workplace of the Future
        • - AI and Digital Health
        • - Future of Staffing
        • - Hospital of the Future (Fall)
      • Webinars
    • Multimedia
      • Podcast - Beyond the Byline
      • Sponsored Podcast - Healthcare Insider
      • Sponsored Video Series - One on One
      • Sponsored Video Series - Checking In with Dan Peres
    • Data & Insights
      • Data & Insights Home
      • Hospital Financials
      • Staffing & Compensation
      • Quality & Safety
      • Mergers & Acquisitions
      • Data Archive
      • Resource Guide: By the Numbers
      • Surveys
      • Data Points
    • Newsletters
    • MORE+
      • Contact Us
      • Advertise
      • Media Kit
      • Jobs
      • People on the Move
      • Reprints & Licensing