Health Net Settles Breach Suit

Pays $250,000 in Connecticut Case

July 7, 2010
Insurer Health Net will pay $250,000 in damages and offer stronger consumer protections to settle a lawsuit filed by Connecticut Attorney General Richard Blumenthal over a breach in 2009.

The lawsuit, filed Jan. 13, was the first of its kind filed in the wake of the HITECH Act, which enabled state attorneys general to bring civil action in federal court for violations of HIPAA security and privacy rules.

The case, dating back to May 14, 2009, involved the loss of an unencrypted portable disk drive holding records for more than 500,000 enrollees in Connecticut and more than 1.5 million consumers nationwide, according to a release from the attorney general. The drive included 28 million scanned, unencrypted pages of documents, such as claims and membership forms, appeals, grievances and medical records, according to the lawsuit. Information in the documents included names, addresses, bank account numbers and Social Security numbers.

Woodland Hills, Calif.-based Health Net agreed to offer those affected two years of credit monitoring, $1 million of identity theft insurance and reimbursement for the costs of security freezes.

Also as part of the settlement, the insurer agreed to a "corrective action plan," to comply with HIPAA, including improved identity theft protection; system controls; management and oversight structures; training for employees; and incentives, monitoring and reports.

Also, the insurer will pay the state another $500,000 if it's determined that the lost disk drive was accessed and personal information used illegally.

Blumenthal alleged that the company delayed notifying consumers and law enforcement authorities about the incident. An investigation by a Health Net consultant concluded the disk drive likely was stolen, he added.

In other healthcare breach news, Blumenthal recently announced that he launched an investigation of a breach at insurer WellPoint Inc. that's now estimated to have affected about 480,000 individuals, including "thousands" in Connecticut. That case involved a web site glitch that exposed patient data.

Follow Howard Anderson on Twitter: @HealthInfoSec
