WellPoint to pay $1.7M in online privacy inquiry

July 12, 2013 at 11:08 PM
Share & Print

NEW YORK (AP) — The U.S. Department of Health and Human Services said Thursday that health insurer WellPoint Inc. (NYSE:WLP) will pay $1.7 million to resolve allegations it left the information of more than 612,000 members available online because of inadequate safeguards.

The agency said that between Oct. 23, 2009 and March 7, 2010, security weaknesses in an online application database left the information of 612,402 people accessible to unauthorized users. That information included names, birthdates, addresses, telephone numbers, Social Security numbers, and health data.

The Health and Human Services Department said WellPoint didn't have adequate policies for authorizing access to the database, didn't perform a needed technical evaluation after a software upgrade, and did not have technical safeguards to verify that the people or entities seeking access were authorized to view the information in the database.

WellPoint, which is based in Indianapolis, reported the breach to HHS. The department then started an investigation, saying WellPoint's actions may have violated the Health Insurance Portability and Accountability Act (HIPAA).

NOT FOR REPRINT

© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.

Related Stories

Resource Center