Indianapolis — Personal information that may have included Social Security numbers and pharmacy or medical data for about 128,000
The Associated Press reports that Indianapolis-based WellPoint recently learned about the problem, fixed it and is notifying customers, according to spokeswoman Shannon Troughton. The nation's largest health insurer by membership is offering free credit-monitoring services for those customers, but has received no reports of identity theft or credit fraud.
The latest security lapse stems from two servers maintained by an outside vendor that Troughton declined to identify. The vendor specializes in data management.
WellPoint learned early last year that a server was improperly secured, and that information on about 1,350 customers may have been exposed online and was vulnerable to Internet search engines. The insurer fixed that breach quickly, Troughton said.
But the company recently learned that a second server had problems, which exposed information of more than 128,000 customers to Internet access for about a year. That data had some code protection and couldn't be found by people using search engines.
This new problem has been corrected, Troughton said, and the company is working with experts to improve its security. WellPoint is still using the same vendor.
"We're constantly working to fortify and bolster our security," she said.
WellPoint ran into security problems last year when Empire Blue Cross Blue Shield, a New York-based subsidiary of WellPoint Inc., reported that Magellan Behavioral Health Services located a CD sent via UPS by Health Data Management Solutions, a third-party vendor to Magellan, an Empire benefit program administrator, that included some members' personal health information. The CD was lost in transit but was located.
Source: PR-Inside.com and INN archives
