Health Net says 1.5M medical records lost in data breach
Connecticut A.G. calls six-month delay in reporting loss 'incomprehensible'
Computerworld - A hard drive with seven years' worth of personal financial and medical information on about 1.5 million customers of Health Net of the Northeast Inc. was reported missing to state officials yesterday -- six months after the drive went missing.
Along with medical records, the hard drive contains names, addresses and Social Security numbers of Health Net customers from Arizona, Connecticut, New Jersey and New York. Connecticut has data breach laws requiring that individuals be notified of the loss of their personal data without unreasonable delay.
The data loss, which occurred in May, was only reported by the insurance company to the Connecticut state attorney general's office and the Department of Insurance yesterday. The device containing the data was an external, portable hard drive. The data had not been encrypted.
Health Net, based in Shelton, Conn., had no information about the data breach on its Web site.
Connecticut Attorney General Richard Blumenthal said his office is investigating the data breach. "Health Net's incomprehensible foot-dragging demonstrates shocking disregard for patients' financial security, as well as loss of their highly sensitive and confidential personal health information," he said in a statement.
"I will demand immediate answers and action, including at least two years of comprehensive identity theft protection for consumers," he said. "We will demand identity theft insurance and reimbursement for credit freezes as well as credit monitoring for at least two years for all 446,000 consumers" in Connecticut whose data is at risk.
The state's insurance commissioner, Thomas Sullivan, said he is requiring Health Net to offer credit protection monitoring through Debix, a company that provides identity-theft protection services.
According to a statement by Health Net, the information on the drive was saved in an image format that cannot be read without special software. Health Net plans to send letters to its customers officially notifying them of the incident.
"Protecting the privacy of our members is extremely important to us," Health Net said. "We apologize for any inconvenience or concern this may cause our members."
The company said that, to date, it has received no reports of misused data arising from the breach and pledged to provide credit monitoring for over two years "free of charge to all impacted members who elect this service, and will provide assistance to any member who has experienced any suspicious activity, identity theft or health care fraud between May 2009 and their date of enrollment with our identity protection service."
Health Net of the Northeast is a subsidiary of managed health care provider Health Net Inc., based in Woodland Hills, Calif. Health Net Inc. is a $15.3 billion company that provides managed medical coverage to some 6.7 million customers in the U.S.
Health Net of the Northeast currently has about 580,000 members and a physician network comprising more than 160,000 doctors, 5,440 pharmacies, and 244 hospitals throughout Connecticut, New York, New Jersey, and Pennsylvania.