SUMwarePremium
join:2002-05-21
kudos:2 | 1.5 Million Medical Files At Risk In Data Breach From The Hartford Courant
November 19, 2009 - said by Matthew Sturdevant :
1.5 Million Medical Files At Risk In Health Net Data Breach
A hard drive with seven years of personal and medical information on about 1.5 million Health Net customers, including 446,000 in Connecticut, was lost six months ago and was first reported Wednesday, state and company officials said.
The insurance company informed the state attorney general's office and the Department of Insurance Wednesday of the security breach that puts personal medical records at risk in a historic lapse, the first of its kind to be publicly reported.
A portable, external hard drive with Social Security numbers and medical records "disappeared" and is still missing from the insurer's Northeast headquarters in Shelton, a Health Net spokeswoman said Wednesday.
The hard drive contains Social Security numbers, medical records and health information dating to 2002 for 1.5 million customers — past and present — in Arizona, Connecticut, New Jersey and New York, the spokeswoman said.
The data were compressed, but not encrypted. The information is formatted as images and requires a special computer program to be read, state and company officials said. Health Net plans to send out letters to its customers notifying them of the breach.
Attorney General Richard Blumenthal and Insurance Commissioner Thomas Sullivan each said he is investigating what happened, and why the company waited six months to report the incident.
The data breach is another in a series of information security lapses involving Connecticut residents in recent months. Most, including a large breach of People's United Bank customer information, have included bank records or Social Security numbers. The missing hard drive at Health Net is the first publicly reported, widespread release of patients' medical records, at least in recent state history.
"Health Net's incomprehensible foot-dragging demonstrates shocking disregard for patients' financial security, as well as loss of their highly sensitive and confidential personal health information," Blumenthal said in a prepared statement.
Sullivan said his office is requiring Health Net to offer credit protection monitoring through Debix, a company that provides identity-theft protection services.
"My main concern is protecting the members and participating providers," Sullivan said. "We are currently working with Health Net to ensure adequate notification and protections for all involved."
Health Net suggests that customers with questions call the company phone number on the back of their benefits card, said Alice Chaves Ferreira, a spokeswoman for Health Net of the Northeast Inc.
"Health Net will provide credit monitoring for over two years — free of charge — to all impacted members who elect this service, and will provide assistance to any member who has experienced any suspicious activity, identity theft or health care fraud between May 2009 and their date of enrollment with our identity protection service," Chaves Ferreira said.
The company didn't know what information was on the hard drive, which is why the information wasn't reported sooner, Chaves Ferreira said. Health Net conducted a lengthy investigation, including a forensic review by computer experts, she said.
It was only then that the company concluded the lost data included a vast trove of information.
Earlier this month, Anthem Blue Cross and Blue Shield of Connecticut reported that a laptop was stolen this summer in the Chicago area, compromising personal information of nearly 850,000 doctors, therapists and other health care providers in 50 states, including 19,000 in Connecticut.
Last year, Bank of New York Mellon lost computer tapes that jeopardized information on more than 600,000 state residents, including many account holders at People's United Bank.
|
|
|
|
 BlackbirdBuilt for SpeedPremium
join:2005-01-14
Fort Wayne, IN
kudos:2
 ·Frontier Communi..
| I just can't wait until the Feds mandate that every insurer, podunk hospital, and doctor's office all have our personal medical data flowing back and forth online... and stored in heaven-only-knows how many local data caches of questionable integrity and security. The real fun is only just beginning...
--
If God wanted us to work with electrons, He'd make them big enough to see... |
|
| said by Blackbird:I just can't wait until the Feds mandate that every insurer, podunk hospital, and doctor's office all have our personal medical data flowing back and forth online... and stored in heaven-only-knows how many local data caches of questionable integrity and security. The real fun is only just beginning... Agreed... |
|
nonymousPremium
join:2003-09-08
Glendale, AZ | reply to SUMware
Why would any data need to flow everything will be covered and free. Just walk in and all you can use. No data to track. |
|
 ModusI hate smartassery on forumsPremium
join:2005-05-02
us | reply to Blackbird
Yea it's going to be a real mess. I wonder if there is a deadline for that though?
I know its going to cost alot of $$$ to get it done
--
Think Ahead. Learn More. Solve Now! |
|
 ironwalker World RenownedPremium,MVM
join:2001-08-31
Keansburg, NJ | reply to SUMware
Another reason not to go to the doctor but see your local chicken/rum dealing witch doctor! |
|
| reply to SUMware
Have any of these "Companies" ever heard of Encryption? I think it's time to pass legislation that makes it mandatory for companies who store personal information of their clients to encrypt them. |
|
| There have been laws since early this decade requiring disclosure of breaches but only since very recently and only in certain states is there comprehensive data protection legislation in force requiring encryption of portable storage devices carrying sensitive information. Many state legislatures are apparently still in process of struggling with the solution, while corporations cry and moan about the undue burden, and I would venture that enforcement must be ahem, haphazard.
--
Scott Brown Consulting |
|
