In July 2019, Washington-based Premera Blue Cross, a not-for-profit health care organization, agreed to pay $10 million to settle violations of the Health Insurance Portability and Accountability Act (HIPAA). A data breach that occurred in 2014 exposed the medical and financial data of 10 million users.
On May 5, 2014, an attacker gained entry into the network and remained undetected until March 2015. The hacker managed to siphon off member information such as names, contact information, dates of birth, member ID numbers, and Social Security numbers. It was later determined that the hacker exploited security protocol vulnerabilities to enter the network.
Washington State Attorney General Bob Ferguson investigated the company’s practices following the 2014 health data breach and confirmed that the company failed to meet the security standards of HIPAA. It was revealed that cybersecurity experts had warned Premera before the breach to address its security loopholes, but the company failed to do so.
The multi-state settlement against Premera involves Alabama, Alaska, Arizona, Arkansas, California, Connecticut, Florida, Hawaii, Idaho, Indiana, Iowa, Kansas, Kentucky, Louisiana, Massachusetts, Minnesota, Mississippi, Montana, Nebraska, Nevada, New Jersey, North Carolina, North Dakota, Ohio, Oklahoma, Oregon, Rhode Island, Utah, Vermont, and Washington.
Apart from the financial penalty, Premera was also directed to implement strict security controls, hire a third-party cybersecurity provider to review its security efforts, and send regular reports to the state Attorney General's Office.
If you want to avoid making the news for the wrong reasons, consider getting a network security and log management tool like ManageEngine Log360 to help combat internal and external security attacks.
HIPAA mandates the standards organizations need to follow to protect and maintain the confidentiality of personally identifiable health care information. ManageEngine Log360, a comprehensive log management solution, helps IT security admins meet HIPAA requirements by monitoring and auditing access to critical data. This solution identifies and tracks suspicious insider activity as well.
Log360 provides out-of-the-box reports with exhaustive information on data access, user activity, user logon and logoff activity, and more. With Log360 reports, you can draw meaningful insights into access to, modifications of, and permissions on critical files to help mitigate insider threats. This solution also generates real-time email or SMS alerts for instant notifications about any compliance violations. Using Log360, you can:
Ready to get started? Download a free trial version of Log360 to test these features out yourself.
© 2019 Zoho Corporation Pvt. Ltd. All rights reserved.