Senior Communications Manager
Kirk Nahra Says Anthem Data Breach May Not Lead to Federal Enforcement Action
Kirk J. Nahra, chair of Wiley Rein’s Privacy Practice and co-chair of the Health Care Practice, was quoted yesterday in a Bloomberg BNA article about the cyberattack on Anthem Inc. The health insurer may not face federal enforcement action in connection with the data breach, in which hackers stole the personal information of millions of customers, Mr. Nahra said.
“Most security breaches don’t lead to some kind of compliance action,” he told BNA’s Privacy & Data Security Law Resource Center. Anthem is “a big company with a lot of customers, so my guess is they’ll look pretty good when the government comes to look at their security policies and procedures.”
Under the Health Insurance Portability and Accountability Act (HIPAA) Security Rule, “the government doesn’t dictate too many specific practices or get into granular detail about what you have to do,” Mr. Nahra added. “It gives you a list of things you have to address, but it’s intentionally flexible. One of the challenges is that it’s hard to know if you’ve done enough.”