Tennessee insurer to pay $1.5 million for breach-related violations

[security curmudgeon <jericho () attrition org>]

---------- Forwarded message ----------
From: InfoSec News <alerts () infosecnews org>

http://www.computerworld.com/s/article/9225170/Tennessee_insurer_to_pay_1.5_million_for_breach_related_violations

Computerworld
March 13, 2012

A 2009 data breach that has already cost BlueCross BlueShield of Tennessee 
nearly $17 million got a little more expensive Tuesday.

The insurer today agreed to pay $1.5 million to the U.S. Department of 
Health and Human Services (HHS) to settle Health Insurance Portability and 
Accountability Act (HIPAA) violations related to the breach.

Under the settlement, BlueCross BlueShield has also agreed to review and 
revise its privacy and security policies and to regularly train employees 
on their responsibilities under the HIPAA of 1996.

The settlement is the first resulting from enforcement action taken by the 
HHS under Health Information Technology for Economic and Clinical Health 
(HITECH) breach notification requirements.

[...]
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://datalossdb.org/mailing_list

Small, inexpensive USB drives pose huge threats to organizations left unprotected. 
Download Chapter 1 of CREDANT Technologies eBook
Data Protection to the Rescue
http://www.credant.com/campaigns/external_media_ebook/chapter1/lp/