Excellus will pay $5.1M to OCR after data breach affects 9.3M people

Excellus Health Plan, also known as Excellus BlueCrossBlueShield, has agreed to pay $5.1 million to settle potential HIPAA violations related to a breach that lasted nearly a year and a half and affected over 9.3 million people. The breach, which occurred between December 2013 and May 2015, resulted in the unauthorized access of protected health information. The U.S. Department of Health and Human Services Office for Civil Rights emphasized the need for healthcare entities to improve their cybersecurity measures.