Health Net Data Breach – 1.5 Million Records At Risk With Missing Portable Hard Drive
Posted Nov 19 2009 10:01pm
Members in 3 states going back to 2002 are at risk and will receive free credit services. Recently Blue Cross was in the news for a similar type of incident with exposing provider information. The hard drive was lost 6 months ago and is just now being reported so if it did fall into the hands of someone trying to take advantage with identity theft some activity could have already taken place. I would think the company would back date the protection services to in order to protect members.
Once again, this makes a real loud statement about security and the use of external drives and flash drives containing patient and provider information which should be stored on a secured server. Sure there are issues there as well but it’s a bit more difficult to break into a full on server than having a non-encrypted drive in one’s hands. BD
A hard drive with seven years of personal and medical information on about 1.5 million Health Net customers, including 446,000 in Connecticut, was lost six months ago and was first reported Wednesday, state and company officials said. The insurance company informed the state attorney general's office and the Department of Insurance Wednesday of the security breach that puts personal medical records at risk in a historic lapse, the first of its kind to be publicly reported.
A portable, external hard drive with Social Security numbers and medical records "disappeared" and is still missing from the insurer's Northeast headquarters in Shelton, a Health Net spokeswoman said Wednesday. The hard drive contains Social Security numbers, medical records and health information dating to 2002 for 1.5 million customers — past and present — in Arizona, Connecticut, New Jersey and New York, the spokeswoman said.
Sullivan said his office is requiring Health Net to offer credit protection monitoring through Debix, a company that provides identity-theft protection services. "My main concern is protecting the members and participating providers," Sullivan said. "We are currently working with Health Net to ensure adequate notification and protections for all involved."