On Monday, Health Net announced that it has lost digital records containing personal data on about 1.9 million current and former policyholders, the San Diego Union-Tribune reports.
The incident is Health Net's second security breach in two years. In 2009, Health Net's Connecticut office lost a portable hard drive that contained health and financial data on 1.5 million policyholders (Lavelle, San Diego Union-Tribune, 3/14).
Details on New Data Breach
According to the California Department of Managed Health Care, Health Net reported that nine server drives went missing from its data center in Rancho Cordova, Calif.
Health Net said the data might have included:
- Names;
- Social Security numbers;
- Addresses;
- Health information; and
- Financial information (Glover, Sacramento Bee, 3/15).
Health Net said the missing drives contained personal data on its employees, health care providers and policyholders. The insurer said it discovered the breach when it received a notification that IBM -- which handles the insurer's IT infrastructure -- could not locate the server drives (San Diego Union-Tribune, 3/14).
Health Net Response to Breach
On March 4, the insurer notified the Connecticut Office of the Attorney General about the latest breach by telephone. On March 14, Health Net issued a public notice about the incident (Goedert, Health Data Management, 3/14).
Health Net said it is notifying affected individuals "out of an abundance of caution" (Clark, HealthLeaders Media, 3/15). The health plan would not say whether the drives were stolen (AP/San Francisco Chronicle, 3/14).
Health Net said it would offer two years of no-cost credit monitoring and fraud resolution services to affected individuals. The insurer also said it would offer credit restoration and identity theft insurance if needed (Robertson, Sacramento Business Journal, 3/14).