Health Net discloses loss of data to 1.9 million customers
Insurer says server drives missing from IBM-run California data center contain personal, medical data
Computerworld - Health Net, a provider of managed health care services, yesterday said that it's alerting some 1.9 million customers that nine server drives containing personal and health data were recently discovered to be missing from a data center in Rancho Cordova, Calif.
The data center is managed for Health Net by IBM, which notified the insurer about the missing drives, Health Net said in a statement.
An initial probe has found that the missing drives contained names, addresses, Social Security numbers, financial information and health data of current and former Health Net members, employees and health care providers, the statement said.
Health Net said it will offer two years of free credit monitoring services to the affected individuals.
In its statement, Health Net didn't disclose the number of people affected by the breach or the number of drives that went missing. That information was contained in a separate alert, also issued Monday, from the California Department of Managed Health Care (DHMC).
The DHMC alert said the breach affects nearly 845,000 Health Net customers in California. The DHMC said it's also investigating the breach.
In a similar alert in Connecticut, Connecticut Attorney General George Jepsen said the Health Net breach affected nearly 25,000 residents in that state. According to an alert issued Monday by Jepsen's office, the drives were likely discovered missing in early February.
Health Net did not respond to a call seeking comment on the California and Connecticut alerts.
Less than 18 months ago, in November 2009, Health Net had disclosed that a server hard drive containing seven years of personal financial and medical information had gone missing. At the time, Health Net was criticized for waiting six months to publicly disclose the breach.
The latest Health Net breach disclosure comes amid signs that the U.S. Department of Health and Human Services (HHS) is boosting its efforts to enforce federal HIPAA security and privacy regulations.
For instance, HHS in February imposed a civil penalty of $4.3 million on Cignet Health for not giving 41 patients access to their medical records when they asked for it, as required under HIPAA rules. The action marked the first time that HHS had imposed such a fine over a privacy violation.
In a separate enforcement action, also in February, HHS announced that Massachusetts General Hospital agreed to pay $1 million to settle potential HIPAA privacy violations. That action stemmed from a 2009 incident in which documents containing personal, financial and medical information belonging to 192 individuals were inadvertently left on a subway car by an employee.
Jaikumar Vijayan covers data security and privacy issues, financial services security and e-voting for Computerworld. Follow Jaikumar on Twitter at @jaivijayan, or subscribe to Jaikumar's RSS feed . His e-mail address is email@example.com.
Read more about Security in Computerworld's Security Topic Center.
- Mobile First: Securing Information Sprawl Learn how the partnership between Box and MobileIron can help you execute a "mobile first" strategy that manages and secures both mobile apps...
- Cybersecurity Imperatives: Reinvent your Network Security The Rise of CyberSecurity
- Surescripts Case Study- Securing Keys and Certificates Surescripts implemented Venafi's Trust Protection Platform™ to secure digital keys and certificates, ensure the privacy and confidentiality of electronic clinical information for its...
- Ponemon 2014 SSH Security Vulnerability Report According to research by the Ponemon Institute, 3 out of 4 enterprises have no security controls in place for SSH which leaves organizations...
- Responding to New SSL Cybersecurity Threat The featured Gartner research examines current strategies to address new SSL cybersecurity threats and vulnerabilities.
- Deep Dive into Advanced Networking and Security with Hybrid Cloud Security and networking are among the top concerns when moving workloads to the cloud. VMware vCloud® Hybrid Service™ enables you to extend your... All Security White Papers | Webcasts
Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!