HHS levies $1.5 million on Tenn. insurance company for data theft

The Health and Human Service Department has settled for a $1.5 million fine on Blue Cross Blue Shield of Tennessee, stemming from a 2009 identity theft case.

The agency’s Office of Civil Rights found the organization failed to provide proper safeguards for 57 unencrypted computer hard drives that were stolen in 2009, Infosecurity magazine reported. Blue Cross Blue Shield said it’s spent nearly $17 million investigating the theft, notifying more than 1 million affected patients and improving information security since the incident.

This story is part of Federal News Radio’s daily Cybersecurity Update. For more cybersecurity news, click here.