On July 8, 2013, the U.S. Department of Health and Human Services (HHS) entered into a settlement agreement with WellPoint Inc. for $1.7 million for potential violations of the Health Insurance Portability and Accountability Act (HIPAA) Privacy and Security Rules. According to the HHS Office for Civil Rights (OCR) report, WellPoint had security weaknesses in an online application database, which left the electronic protected health information (ePHI) of 612,402 individuals accessible to unauthorized individuals over the Internet. The ePHI included names, dates of birth, addresses, Social Security numbers, telephone numbers, and health information.
The HHS news release on the WellPoint settlement is available at: http://www.hhs.gov/news/press/2013pres/07/20130711b.html.
Department of Health & Human Services. “WellPoint Pays HHS $1.7 Million for Leaving Information Accessible Over the Internet.” News Release. 11 Jul. 2013.