HIPAA Violation and Data Loss results in $1.5M Fine for Blue Cross Blue Shield – and Massive Related Costs

The recent penalty on BlueCross BlueShield of $1.5 million to the federal government is a harsh warning to the Healthcare and Insurance industries to ensure effective data protection. The costs of HIPAA violations are severe, and companies need to make certain they employ an effective data protection solution built to address compliance and to simplify data management for IT.

The Real Costs and Penalties of HIPAA Non-Compliance and HIPAA Violation

The fine however is not the only expense of this Data Loss incident. Since the data was lost in 2009, the company has spent around $17 million in costs on investigation, analysis, notification and improved data protection efforts. This is a sure indication of the costs of HIPAA non-compliance, and how the associated costs of data loss are severe.

The data loss, investigated by the U.S. Department of Health and Human Services Office for Civil Rights, which said the company “failed to implement appropriate administrative safeguards to adequately protect information” at the facility and did not have adequate facility access controls. Both failures violated requirements of the Health Insurance Portability and Accountability Act.

Blue Cross Blue Shield has now agreed to a 450-day corrective action plan to assess and address weaknesses in its HIPAA compliance program, HHS said. The costs of HIPAA violation stretch beyond financial consequences.

Download our White Paper: HIPAA Compliance through Effective Data Protection

The penalty is a result of potential HIPAA violations of patient information rules that resulted from the theft of 57 hard drives from the Blue Cross Blue Shield. The hard drives contained protected health information of over one million customers. This personal information included Full Names, Date of Birth, Social Security number, diagnosis codes and health plan identification numbers.

“This settlement sends an important message that OCR expects health plans and health care providers to have in place a carefully designed, delivered and monitored HIPAA compliance program,” said OCR Director Leon Rodriguez.

BlueCross will also have to review, revise and maintain its privacy and security policies and procedures. They will have to ensure that no future HIPAA violations take place.

Read more on Healthcare Cyber Security 

FEATURED POSTS
IT Managers: How to Protect Your Users Against Ransomware

The best way to protect yourself, your users and your business against ransomware is by setting up a proactive defence. The ransomware statistics paint a frightening picture for anyone in charge of IT: In Q3 2016 alone, 18 million new malware samples were captured. Source: Panda Labs   What that means is that the criminals…

Cibecs Joins Silicon Valley Top 20

Cibecs Joins Silicon Valley Companies to be Listed on Top 20 Most Promising Storage Solution Providers of 2016 Cibecs, a leading South African endpoint backup, protection and security solution, has been recognised as one of the 20 Most Promising Storage Solutions of 2016 by CIO Review. The list, compiled by industry insiders, highlights leading global…

4 Signs You Need a New Endpoint Data Backup Solution

With more workers depending on laptops it is more important than ever to ensure that the work protected and stored on those devices is backed up and protected. Forrester Research says that 45% of corporate executives don’t follow policies for data use and handling. Underlining how at risk almost half of a business’s data actually…

Discover how easy endpoint data protection can be