Health Law & Business

Health Insurer to Pay $5.1 Million Over 18-Month Security Breach

Jan. 15, 2021, 7:55 PM

Excellus Health Plan Inc. will pay $5.1 million after a health-information cyberattack compromised health data of millions of people and lasted nearly 18 months, the Department of Health and Human Services said Friday.

Hackers installed malware in Excellus’s information-technology systems and were able to gain access to the protected health information of more than 9.3 million individuals, the HHS said.

Investigators found that Excellus failed to implement risk management procedures and access controls, and it failed to conduct an enterprise-wide risk analysis or activity reviews—all potential violations of the Health Insurance Portability and Accountability Act.

The information included names, addresses,...

To read the full article log in. To learn more about a subscription click here.