Federal Agency Settles Health Privacy Case with Blue Cross for $1.5 Million

The Department of Health and Human Services announced a settlement with Blue Cross Blue Shield after the company’s inadequate security measures allowed 57 unencrypted hard drives containing private health information to be stolen from a facility in Tennessee. The agency cannot issue a fine greater than $1.5 million, but it could have filed criminal charges or requires Blue Cross to mitigate future patient harms. For more information, see EPIC: Medical Privacy.


« EPIC Urges Senate to Safeguard FOIA for Cybersecurity | Main | Open Government Groups Oppose Cyber Security FOIA Exemption »

Share this page:

Support EPIC

EPIC relies on support from individual donors to pursue our work.

Defend Privacy. Support EPIC.

EPIC Champion of Freedom Awards Dinner 2016

Dinner image

National Press Club
Washington, DC
June 6, 2016

#Privacy