Excellus Health Agrees to Pay $5.1 Million Settlement Over Two-Year Data Breach Over 9 Million Individuals

    On January 15, 2021, the U.S. Department of Health and Human Services (HHS) Office of Civil Rights (OCR) announced that Blue Cross Blue Shield subsidiary Excellus Health Plan, Inc. has agreed to a $5.1 million settlement for alleged violations of the Health Insurance Portability and Accountability Act (HIPAA) Privacy and Security Rules, and has additionally agreed to implement a Corrective Action Plan.

    In September 2015, Excellus filed a data breach report, announcing that hackers had gained unauthorized access to the company’s information technology systems between December 2013 and May 2015. The hackers installed malware into Excellus’ systems, which released the personal health information (PHI) of nearly 9.3 million individuals.

    Read more at JD Supra

    Need a Data Privacy, Protection, and Security expert?

    If you are in need of an expert with experience in data privacy and data security disputes, we invite you to consider DisputeSoft.