
Anthem fined $1.7 million in 2010 breach

Elizabeth Weise
USA TODAY
Anthem corporate headquarters in Indianapolis.

SAN FRANCISCO — Anthem, which revealed Wednesday that the records of 80 million of its customers had potentially been breached, was fined $1.7 million for a 2010 computer breach that resulted in the disclosure of personal information of approximately 612,000 people.

The fine was levied by the U.S. Department of Health and Human Services under HIPAA, the 1996 Health Insurance Portability and Accountability Act, which governs the confidentiality and security of medical information.

At the time, Anthem was known as WellPoint. The company was formed when Anthem Insurance bought WellPoint Health Networks in 2004.

The HHS investigation found that in 2009 and 2010, WellPoint did not adequately implement policies and procedures to protect unsecured "electronic protected health information" covered by HIPAA.

The names, dates of birth, addresses, Social Security numbers, telephone numbers and health information of WellPoint customers were disclosed as a result, HHS said.

"The personally identifiable information that HIPAA-covered health plans maintain on enrollees and members — including names and Social Security Numbers — is protected under HIPAA, even if no specific diagnostic or treatment information is disclosed," said Rachel Seeger, a senior HHS adviser.

WellPoint's chief information security officer at the time of the fine was Roy Mellinger. He is currently chief information security officer for Anthem.

This week's breach at Anthem will likely be the largest health care-related breach to date, as it involved as many as 80 million current and former Anthem customers. Anthem is potentially liable for a fine of up to $1.5 million for the breach under HHS rules.

HHS could not confirm that this was the largest so far because Anthem has not yet officially reported the breach. The company has 60 days to do so.

The two largest health care breaches to date have been Community Hospital Systems in 2014, which involved data from 4.8 million individuals, and Tricare in 2011, which affected 4.9 million.

HHS has resolved 14 cases that resulted from breach reports of electronic protected health information. These 14 settlements have resulted in a total of $15.4 million in monetary settlements, Seeger said.
