FineME
Cybersecurity · Healthcare · 2018

Anthem Inc.

Anthem Inc. agreed to pay $16 million — the largest HIPAA settlement in history at the time — following a 2015 cyberattack that compromised the electronic protected health information of approximately 78.8 million individuals, the largest healthcare data breach in US history. HHS OCR found Anthem failed to conduct an enterprise-wide HIPAA security risk analysis, failed to implement appropriate information system activity review, and had insufficient technical controls to identify and respond to suspicious network activity prior to the breach. The settlement also required a comprehensive corrective action plan monitored for two years.

Fine Imposed: €14.7M

Authority: HHS-OCR-US

Regulation:

Key Takeaways
  • An enterprise-wide HIPAA security risk analysis is a non-negotiable foundational requirement — its absence is itself a HIPAA violation, and failure to review system activity logs deprives organisations of the ability to detect breaches before they escalate.