Excellus BCBS pays $5.1M to settle data breach affecting 9.3 million people

[Destry Winant <destry () riskbasedsecurity com>]

https://www.beckershospitalreview.com/payer-issues/excellus-bcbs-pays-5-1m-to-settle-data-breach-affecting-9-3-million-people.html

Excellus BlueCross BlueShield agreed to pay the Office for Civil
Rights $5.1 million to settle potential HIPAA violations related to a
data breach, HHS said Jan. 15.

In September 2015, Excellus filed a breach report that said
cyberattackers gained access to its IT systems. The breach began in
December 2013 and ended in May 2015, Excellus said.

More than 9.3 million people were affected by the breach, according to
HHS. The hackers installed malware into Excellus' IT system, which led
to the disclosure of people's Social Security numbers, bank account
information and clinical treatment information, among other personal
data.

An investigation from the OCR found Excellus may have violated HIPAA
by failing to conduct a risk analysis and IT system review.

In addition to the settlement, the insurer also agreed to implement a
corrective action plan, which includes two years of monitoring.
_______________________________________________
BreachExchange mailing list sponsored by Risk Based Security
BreachExchange () lists riskbasedsecurity com

If you wish to Edit your membership or Unsubscribe you can do so at the following link:
https://lists.riskbasedsecurity.com/listinfo/breachexchange