July 11 Health insurer WellPoint Inc
agreed to pay a fine of $1.7 million for allowing health and
other personal information from hundreds of thousands of people
to be accessed over the Internet, the U.S. Department of Health
and Human Services said on Thursday.
Security weaknesses in a WellPoint online application
database exposed information for 612,402 individuals between
October 2009 and March 2010, according to the agency.
Data included names, dates of birth, addresses, Social
Security numbers, telephone numbers and health information.
WellPoint, the second largest U.S. health insurer, agreed to
the fine to settle potential violations of healthcare privacy
Since privacy laws prohibiting such potential disclosures by
insurers or providers were enacted in 2009, HHS has received 627
reports of breaches involving 500 or more individuals, according
to HHS spokeswoman Rachel Seeger. The first case to be settled
involved a $1.5 million fine paid by Blue Cross/Blue Shield of
Tennessee in March 2012, she said.
WellPoint said it informed those who were potentially
impacted and has cooperated with the review.
"As soon as the situation was discovered in 2010, we made
information security changes to prevent it from happening
again," the company said in an emailed statement.
WellPoint said it also provided credit monitoring and
identity theft insurance to all those affected, and that it is
not aware of any fraud or identity theft arising from the