CVS Caremark has agreed to settle Federal Trade Commission charges that it failed to take reasonable and appropriate security measures to protect the sensitive financial and medical information of its customers and employees, in violation of federal law. In a separate but related agreement, the company’s pharmacy chain also has agreed to pay $2.25 million to resolve Department of Health and Human Services allegations that it violated the Health Insurance Portability and Accountability Act (HIPAA).
Read more on the FTC site. This is far and away the biggest fine ever levied for a HIPAA violation.