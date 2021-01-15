A company that provides health insurance to many people in Western New York has agreed to pay $5.1 million to the federal government to settle potential violations of health privacy regulations.

Excellus Health Plan, the Rochester-based parent of Univera Healthcare, will pay the settlement because of potential privacy violations caused by a cyberattack on the company’s records, the U.S. Department of Health and Human Services said Friday.

The attack caused a security breach affected as many as 9.3 million Excellus customers, including 1.5 million people in upstate and Western New York, HHS officials said.

In September 2015, Excellus informed the government that hackers had gained unauthorized access to the company’s information technology systems.

According to HHS, the security breach began sometime on or before Dec. 23, 2013, and ended on May 11, 2015.

The intrusion "resulted in the impermissible disclosure of the protected health information of more than 9.3 million individuals,” the federal agency said, “including their names, addresses, dates of birth, email addresses, Social Security numbers, bank account information, health plan claims, and clinical treatment information.”

A company spokesman told The Buffalo News that Excellus itself discovered the security issue, adding that the company admits to no wrongdoing and has taken corrective action.

