Skip to main content
Blue @ Work

Cyberattacks and HIPAA rules

Part 1: Protecting personal health information

The Health Insurance Portability and Accountability Act, or HIPAA External Site, is a law that provides data privacy and security provisions for safeguarding medical and health information.

HIPAA defines a breach of protected health information (PHI) as “the acquisition, access, use or disclosure of PHI in a manner not permitted under the HIPAA Privacy Rule which compromises the security or privacy of the PHI.”

Ransomware threats

One of the biggest threats to health information privacy is the compromise of data through ransomware. Ransomware is a type of malicious software designed to block access to a computer or computer systems until money is paid. In these cases, the malware encrypts data with a key known only to the hacker. When electronic PHI is encrypted, a breach has occurred because an unauthorized individual has taken control of PHI.

Reporting to Wellmark Blue Cross and Blue Shield

If you suspect that you are a victim of a cyberattack or discover that member PHI has been compromised, you must report all incidents to Wellmark immediately.

Take action

Talk to your authorized Wellmark representative or send an email to CyberResponse@Wellmark.com Send Email.

Learn more to protect yourself against cybersecurity threats:

What to know about cybersecurityReporting cyberattacks to Wellmark
What to know about cybersecurity article Reporting cyberattacks to Wellmark article