February 28, 2021

Volume XI, Number 59


February 26, 2021


Excellus Health Pays $5.1 Million to Resolve HIPAA Breach Involving Over 9 Million People

On January 15, 2021, the U.S. Department of Health and Human Services, Office for Civil Rights (“HHS”) announced a $5,100,000 settlement with Excellus Health Plan, Inc. (“Excellus”) for violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy and Security Rules.

According to HHS, hackers accessed the Excellus electronic medical records system from December 2013 through May 11, 2015, resulting in the disclosure of the protected health information of over 9.3 million people. This data included patient names, addresses, dates of birth, email addresses, Social Security numbers, bank account information, health plan claims and clinical treatment information.

In addition to the monetary settlement, Excellus agreed to a very thorough and detailed two-year Corrective Action Plan.

You can read the HHS Resolution Agreement and the Corrective Action Plan here.

©2020 Strassburger McKenna Gutnick & Gefsky

National Law Review, Volume XI, Number 18



About this Author

Danielle L. Dietrich SMGG Attorney Pittsburgh, PA

Danielle L. Dietrich, Shareholder in the Pittsburgh Office of SMGG, focuses her practice in the areas of women and diverse-owned businesses, healthcare, elder law and litigation.  She has a broad range of experience in providing legal counsel and advice to her clients (both large and small), as well as having handled a wide range of disputes and litigation in Pennsylvania, Ohio and West Virginia.

A large portion of Ms. Dietrich’s practice focuses on the representation of women and diverse-owned businesses.  That practice includes assisting these...

(412) 281-5423