Insurer Breach Affects Four States

Insurer Health Net is reporting to insurance officials in four states the disappearance of a hard drive with protected health information of 1.5 million covered members. The reporting comes six months after the Los Angeles-based insurer learned the hard drive was missing.

The data breach affects individuals in Arizona, Connecticut, New Jersey and New York. Data on the hard drive includes identifiable medical records and Social Security numbers. Health Net plans to notify affected individuals.

Some 446,000 of those individuals live in Connecticut, where the state attorney general and insurance commissioner are investigating, according to the Hartford Courant. Insurance Commissioner Thomas Sullivan on Nov. 18 sent a letter to Health Net requesting information covering eight areas, including the long delay in reporting the breach. Sullivan is requiring that Health Net provide adequate credit monitoring protection through a specific company to affected individuals in Connecticut for two years.

According to Health Net, data on the hard drive was not encrypted, but is invisible without the use of specific software. The company told the Hartford Courant a lengthy investigation that involved a forensic review to determine what information was on the hard drive accounted for the delay in reporting the breach.

A few weeks ago, INN reported a similar admission from Blue Cross Blue Shield, which had a laptop stolen in September containing the financial information of 850.000 health care professionals. The Hartford Courant also broke that story.

New federal rules mandated under the American Recovery and Reinvestment Act requiring "timely" notification of certain breaches of health information now are effective with a compliance deadline of Feb. 22, 2010.

This story has been reprinted with permission from Health Data Management.

For reprint and licensing requests for this article, click here.
Security risk Policy adminstration Data security Core systems
MORE FROM DIGITAL INSURANCE