Skip Navigation

Delayed Breach Notification Leads to Fine

Bookmark and Share


Indiana Attorney General
July 5, 2011

A release by the Indiana Attorney General Greg Zoeller reports that an Indiana-based insurance company will pay a $100,000 fine and take other steps for waiting months to notify authorities of a data breach. According to the release, Wellpoint, the Indianapolis-based parent of Anthem Blue Cross and Blue Shield, has agreed to pay the fine; provide up to two years of credit monitoring and identity theft protection to affected customers, and reimburse up to $50,000 for breach-related losses.

HIPAA now requires all Covered Entities and Business Associates (vendors) to report data breaches to authorities, affected consumers and, in some cases, the media.

Indiana AG Press Release