Health insurer Excellus penalized $5.1M by HHS for data breach
The Department of Health and Human Services says New York health insurer Excellus has agreed to pay a multimillion-dollar penalty after a data breach exposed sensitive information about more than 9 million people between late 2013 and May 2015. The $5.1 million fine is for violations of privacy and security rules under the Health Insurance Portability and Accountability Act (HIPAA), according to the department’s Office for Civil Rights (OCR). The incident stemmed from a hack against Excellus’ systems during an era that featured well-publicized attacks on corporations such as Target, Sony and Home Depot. Years later, health data remains a ripe target for cybercriminals, particularly ransomware gangs. U.S. federal agencies warned about an “imminent” ransomware threat in October 2020. The OCR said the breached data included names, addresses, dates of birth, email addresses, Social Security numbers, bank account information, health plan claims and clinical treatment information. “The hackers installed malware […]
The post Health insurer Excellus penalized $5.1M by HHS for data breach appeared first on CyberScoop.
Continue reading Health insurer Excellus penalized $5.1M by HHS for data breach