Federal Agency Settles Health Privacy Case with Blue Cross for $1.5 Million

The Department of Health and Human Services announced a settlement with Blue Cross Blue Shield after the company’s inadequate security measures allowed 57 unencrypted hard drives containing private health information to be stolen from a facility in Tennessee. The agency cannot issue a fine greater than $1.5 million, but it could have filed criminal charges or requires Blue Cross to mitigate future patient harms. For more information, see EPIC: Medical Privacy.

« EPIC Urges Senate to Safeguard FOIA for Cybersecurity | Main | Open Government Groups Oppose Cyber Security FOIA Exemption »

Share this page:

Defend Privacy. Support EPIC.
US Needs a Data Protection Agency
2020 Election Security