You are viewing an archived webpage. The information on this page may be out of date. Learn about EPIC's recent work at

Federal Agency Settles Health Privacy Case with Blue Cross for $1.5 Million

The Department of Health and Human Services announced a settlement with Blue Cross Blue Shield after the company’s inadequate security measures allowed 57 unencrypted hard drives containing private health information to be stolen from a facility in Tennessee. The agency cannot issue a fine greater than $1.5 million, but it could have filed criminal charges or requires Blue Cross to mitigate future patient harms. For more information, see EPIC: Medical Privacy.

« EPIC Urges Senate to Safeguard FOIA for Cybersecurity | Main | Open Government Groups Oppose Cyber Security FOIA Exemption »

Share this page:

Defend Privacy. Support EPIC.
US Needs a Data Protection Agency
2020 Election Security