For the second time this year, health insurer EmblemHealth has been hit with a state financial penalty in connection with a 2016 breach that exposed Social Security numbers on mailings to more than 81,000 plan members.
The New Jersey attorney general Gurbir Grewal on Dec. 10 announced a $100,000 settlement in the case. Back in March, the breach resulted in a $575,000 settlement with New York’s attorney general’s office.
The two settlements highlight the importance of preventing health information mishaps regardless of the medium as well as the potential for serious enforcement actions by states. The HITECH Act of 2009 gave state attorneys general the authority to bring civil actions for violations of the HIPAA privacy and security rules. It is always a good security best practice to perform quarterly vulnerability assessments on your technology infrastructure. Reach out to Layer 7 Data Solutions for more information and a free consultation.