Health Net says 1.5M medical records lost in data breach
Connecticut A.G. calls six-month delay in reporting loss 'incomprehensible
Computerworld - A hard drive with seven years' worth of personal financial and medical information on about 1.5 million customers of Health Net of the Northeast Inc. was reported missing to state officials yesterday -- six months after the drive went missing.
Along with medical records, the hard drive contains names, addresses and Social Security numbers of Health Net customers from Arizona, Connecticut, New Jersey and New York. Connecticut has data breach laws requiring individuals be notified of the loss of their personal data without reasonable delay.
The data loss, which occurred in May, was only reported by the insurance company to the Connecticut state attorney general's office and the Department of Insurance yesterday. The device containing the data was an external, portable hard drive. The data had not been encrypted.
Health Net, based in Shelton, Conn., had no information about the data breach on its Web site.
Connecticut Attorney General Richard Blumenthal said his office is investigating the data breach. "Health Net's incomprehensible foot-dragging demonstrates shocking disregard for patients' financial security, as well as loss of their highly sensitive and confidential personal health information," he said in a statement.
"I will demand immediate answers and action, including at least two years of comprehensive identity theft protection for consumers," he said. "We will demand identity theft insurance and reimbursement for credit freezes as well as credit monitoring for at least two years for all 446,000 consumers" in Connecticut whose data is at risk.
The state's insurance commissioner, Thomas Sullivan, said he is requiring Health Net to offer credit protection monitoring through Debix, a company that provides identity-theft protection services.
According to a statement by Health Net, the information on the drive was saved in an image format that cannot be read without special software. Health Net plans to send letters to its customers officially notifying them of the incident.
"Protecting the privacy of our members is extremely important to us," Health Net said. "We apologize for any inconvenience or concern this may cause our members."
The company said that, to date, it has received no reports of misused data arising from the breach and pledged to provide credit monitoring for over two years "free of charge to all impacted members who elect this service, and will provide assistance to any member who has experienced any suspicious activity, identity theft or health care fraud between May 2009 and their date of enrollment with our identity protection service."
Health Net of the Northeast is a subsidiary of managed health care provider Health Net Inc., based in Woodland Hills, Calif. Health Net Inc. is a $15.3 billion company that provides managed medical coverage to some 6.7 million customers in the U.S.
Health Net of the Northeast currently has about 580,000 members and a physician network comprising more than 160,000 doctors, 5,440 pharmacies, and 244 hospitals throughout Connecticut, New York, New Jersey, and Pennsylvania.
Read more about Security in Computerworld's Security Topic Center.
- Troubleshooting Common Issues in VoIP Learn more about Voice over Internet Protocol (VoIP), including common VoIP metrics used, best practices in VoIP management and tips and tricks for...
- 2013 Network Management Software (NMS) Buyers Guide This white paper contains an independent comparison study of six different network management solutions and provides guidance on how you can choose the...
- Rightsizing Your Network Performance Management Solution: 4 Case Studies This white paper discusses challenges encountered as organizations search for the most cost-effective network performance management solution.
- Global Growing Pains: Tapping into B2B Integration Services to Overcome Global Expansion Challenges A recent survey by IDG Research explored both the challenges and pain points companies face when growing globally, as well as the capabilities...
- E-Signature RFP Checklist Webcast If your organization is looking to adopt e-signatures, you may be overwhelmed by the number of providers that offer seemingly similar solutions. How...
- Cloud and Collaboration: Driving Your Business Value Mission Critical Cloud from Peer 1 Hosting is enterprise-grade. All Security White Papers | Webcasts
Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!