Friday, January 15, 2010
Conn. AG sues Health Net over ‘ethically unacceptable’ data breach
The suit by Richard Blumenthal alleges that the insurer failed to effectively supervise and train its workforce on policies and procedures concerning the appropriate maintenance, use and disclosure of protected health information. It also names UnitedHealth Group and Oxford Health Plans, who were not responsible for the breach, Blumenthal noted, but recently acquired ownership of Health Net of Connecticut.
In November 2009, the insurer notified officials in three states about a missing disk drive at its Shelton, Conn., office that contained the personal information of 1.5 million members. A spokesman for the company told IFAwebnews.com that the drive contained personal information gathered over a seven-year period for 446,000 members in Connecticut, about 340,000 members in New Jersey and New York, and the remainder from Arizona.
The company said while the drive was discovered missing in May 2009, it took a “detailed forensic review” to discover what was on the drive and that the information cannot be accessed without special software.
In a statement to IFAwebnews.com, Health Net said it has received a copy of the lawsuit and “is in the process of reviewing it.
“We will continue to work cooperatively with the Connecticut Attorney General on this matter,” the company said.