Health Net loses medical records of 1.5 million customers

Posted by Steve Burgess at 11/20/2009 12:42 PM
Categories: computer forensics,data loss
Tags: health net computer forensics data loss

Health Net, a $15 Billion health insurance company with more than six and a half million clients somehow let data for more than 20% of that number slip from its control about six months ago - possibly in May, 2009 - and only informed the government and the public about it this week. 

A portable external hard disk in Health Net's Northeast HQ in Connecticut seems to have disappeared about six months ago. The company opted not to inform those potentially affected while it performed an internal review and conducted computer forensic reviews in order to find out what might have been on the missing hard drive.

What they discovered was that information including Social Security numbers. medical records and health information for about 1.5 million customers from Arizona, Connecticut, New Jersey and New York was on the drive. The data was in the form of images and was not encrypted. It went unmentioned whether the images included photographic images of client, x-rays, or simply imaged text or other such data. The data apparently dates from 2002 to May 2009.

Connecticut's Attorney General  Richard Blumenthal said, "Health Net's incomprehensible foot-dragging demonstrates shocking disregard for patients' financial security, as well as loss of their highly sensitive and confidential personal health information." AG Blumenthal and CT Insurance Commissioner Thomas Sullivan are both planning investigations into the incident and why it took so long for Health Net to come forth with the information. 

Sullivan is requiring the insurance company provide to contract credit protection services for the affected customers. Health Net has hired Debix to provide these services for a period of two years. Health Net is now in the process of sending letters to affected customers. 

It is notable that multiple articles on the subject report that Health Net's spokespeople say that the data is "in an image format that cannot be read without special software". They do not mention to what special software they are referring. The author notes that Microsoft Word documents, for instance, are also in a format that requires special software (most any word processing program) to read them. 

Health Net's statement is here  and you may read more on the story here.

 

What did you think of this article?




Trackbacks
Trackback specific URL for this entry
  • No trackbacks exist for this entry.
Comments
Display comments as (Linear | Threaded)
Page: 1 of 1
  • 12/9/2009 10:25 AM James L wrote:
    I am very upset that individuals responsible at Health Net allowed important information that could harm millions of people to be "misplaced" then they allowed six months to pass without reporting it. My checking account was violated and money was stolen and my familys life was upside down for weeks. Question, Is anybody going to have to answer for there lack of judgement and / or security?
    Reply to this
    1. 12/10/2009 6:05 PM Steve Burgess wrote:
      I can see that you would be upset! Connecticut's attorney general and its Insurance Commissioner Thomas Sullivan are both planning investigations into the incident and why it took so long for Health Net to come forth with the information. WIll they force Health Net as an organization or individuals within it to take responsibility and will their action s allow individuals to be paid back? I do not know. Furthermore, these agencies' actions may be only on behalf of citizens of the Nutmeg State. Those in other states may have to get their own agencies to look into it as well.
      Reply to this

Page: 1 of 1
Leave a comment

Submitted comments will be subject to moderation before being displayed.

 Enter the above security code (required)

 Name (required)

 Email (will not be published) (required)

 Website

Your comment is 0 characters limited to 3000 characters.