[BreachExchange] Excellus BCBS pays $5.1M to settle data breach affecting 9.3 million people

Destry Winant destry at riskbasedsecurity.com
Mon Jan 18 11:09:47 EST 2021


https://www.beckershospitalreview.com/payer-issues/excellus-bcbs-pays-5-1m-to-settle-data-breach-affecting-9-3-million-people.html

Excellus BlueCross BlueShield agreed to pay the Office for Civil
Rights $5.1 million to settle potential HIPAA violations related to a
data breach, HHS said Jan. 15.

In September 2015, Excellus filed a breach report that said
cyberattackers gained access to its IT systems. The breach began in
December 2013 and ended in May 2015, Excellus said.

More than 9.3 million people were affected by the breach, according to
HHS. The hackers installed malware into Excellus' IT system, which led
to the disclosure of people's Social Security numbers, bank account
information and clinical treatment information, among other personal
data.

An investigation from the OCR found Excellus may have violated HIPAA
by failing to conduct a risk analysis and IT system review.

In addition to the settlement, the insurer also agreed to implement a
corrective action plan, which includes two years of monitoring.

