Medical insurance giant Health Net apparently waited 6 months to notify authorities of the breach of 1.5 million consumer and physician’s medical records.
The breach occurred in a Health Net office in Connecticut, but consumers in Connecticut are not the only group exposed; HealthNet also provides services in Arizona, California, New Jersey, New York, Oregon, and Washington State.
According to an article by the Health Information Trust Alliance Connecticut Attorney General Richard Blumenthal reaction to the belated notification was severe, “I am outraged and appalled by Health Net’s huge loss of personal financial and medical information and its failure to swiftly inform authorities and consumers. This information vanished six months ago, but Health Net is only now informing authorities and consumers, an inexcusable and inexplicable delay. Health Net’s incomprehensible foot-dragging demonstrates shocking disregard for patients’ financial security, as well as loss of their highly sensitive and confidential personal health information.”
Blumenthal went on to say “Another day, another data breach, but companies still don’t get it: personal information is like cash and should be guarded with equal care. Casual and cavalier attitudes toward data protection and breaches are intolerable and must stop. I will fight to compel companies to fully safeguard personal information, quickly inform consumers of breaches and properly protect them when losses occur.”
Health Net’s inaction is inexcusable… and far too common. Personal health records have become a hot new and lucrative target for hackers and ID thieves as more medical data has been dumped online without appropriate security precautions.
Learn more about the scope of personal data record theft and why the notification rules for personal health record breaches aren’t going to work by reading my blogs:
- 220 Million Personal Data Records Exposed So Far This Year
- HHS Issue Notification Rules for Personal Health Record Breaches – But What Prevents Breaches?