Anthem Inc. agreed to take “substantial corrective action” to settle potential HIPAA privacy and security rules violations after a series of cyberattacks led to the largest U.S. health data breach in history. The previous largest HIPAA settlement was $5.55 million paid by Advocate Health Care in 2016. The insurer failed to take several basic security steps, including conducting an enterprisewide security risk assessment, OCR says. OCR Director Roger Severino says Anthem failed to implement appropriate measures for detecting hackers who had gained access to their system to harvest passwords.”]
Source: https://www.cuinfosecurity.com/anthem-mega-breach-record-16-million-hipaa-settlement-a-11622