Indianapolis — Personal information that may have included Social Security numbers and pharmacy or medical data for about 128,000 WellPoint Inc. customers in several states was exposed online over the past year, according to the health insurer.

The Associated Press reports that Indianapolis-based WellPoint recently learned about the problem, fixed it and is notifying customers, according to spokeswoman Shannon Troughton. The nation's largest health insurer by membership is offering free credit-monitoring services for those customers, but has received no reports of identity theft or credit fraud.

The latest security lapse stems from two servers maintained by an outside vendor that Troughton declined to identify. The vendor specializes in data management.

WellPoint learned early last year that a server was improperly secured, and that information on about 1,350 customers may have been exposed online and was vulnerable to Internet search engines. The insurer fixed that breach quickly, Troughton said.

But the company recently learned that a second server had problems, which exposed information of more than 128,000 customers to Internet access for about a year. That data had some code protection and couldn't be found by people using search engines.

This new problem has been corrected, Troughton said, and the company is working with experts to improve its security. WellPoint is still using the same vendor.

"We're constantly working to fortify and bolster our security," she said.

WellPoint ran into security problems last year when Empire Blue Cross Blue Shield, a New York-based subsidiary of WellPoint Inc., reported that Magellan Behavioral Health Services located a CD sent via UPS by Health Data Management Solutions, a third-party vendor to Magellan, an Empire benefit program administrator, that included some members' personal health information. The CD was lost in transit but was located.

Source: and INN archives

Register or login for access to this item and much more

All Digital Insurance content is archived after seven days.

Community members receive:
  • All recent and archived articles
  • Conference offers and updates
  • A full menu of enewsletter options
  • Web seminars, white papers, ebooks

Don't have an account? Register for Free Unlimited Access