An American health insurer has been fined $5.1M for a potential HIPAA violation after a data breach saw more than 9.3 million customers impacted and their personal health information potentially accessed.
The health insurer was fined after news of a 17-month data breach came to light, which forced the Excellus Health Plan, Inc. to pay the Office for Civil Rights (OCR) a $5.1 million settlement.
The settlement came after the Department of Health and Human Services identified a series of violations of the Health Insurance Portability and Accountability (HIPAA) Act, which aims to protect the confidentiality and integrity of protected health information (PHI).