Premera Blue Cross Settles with OCR for $6.85 Million for Breach of 10.4 Million Records

Robinson+Cole Data Privacy + Security Insider

Premera Blue Cross (Premera) has agreed to settle with the Office for Civil Rights (OCR) for $6.85 million over allegations of violations of HIPAA after an investigation of a data breach that occurred in 2014 affecting 10.4 million individuals. This is the largest settlement the OCR has entered into with a covered entity in 2020, and the second largest in history (second only to Anthem, which settled with the OCR for $16 million in 2018 for a data breach that occurred in 2015).

Premera self-reported to the OCR on March 17, 2015, that cyber-attackers infiltrated its IT system through a phishing campaign in May 2014, which went undetected until January of 2015. The attack, an advanced persistent threat, compromised the protected health information of 10.4 million individuals, including their names, addresses, dates of birth, email addresses, Social Security numbers, bank account information and clinical information.

Following an investigation, the OCR alleged that Premera failed both to conduct an enterprise-wide security risk analysis and to implement risk management measures or audit controls.

In addition to the payment of the settlement amount, Premera entered into a Corrective Action Plan to implement security measures, including conducting a risk analysis and developing and implementing a risk management plan, and revising its privacy and security policies.


DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Robinson+Cole Data Privacy + Security Insider | Attorney Advertising
