Intelligence Unit
Special Reports
Special Events
Subscribe
Sponsored
Departments
- Leadership
- Finance
- Technology
- Physicians
- Community Hospitals
- Health Plans
- Marketing
- Quality
- Nursing
- HR
Follow Us
CA Investigating Latest Health Net Data Breach
After Health Net, Inc. in California announced Monday that several data servers containing sensitive health and personal information on its enrollees are unaccounted for, state officials said the security breach involves "personal information for 1.9 million current and past enrollees nationwide."
The California Department of Managed Health Care, the only stand-alone HMO watchdog agency in the nation, also provided further details beyond the plan's statement, saying that the missing records on nine servers are "for more than 622,000 enrollees in Health Net products regulated by the DMHC, more than 223,000 enrolled in the California Department of Insurance products (another state agency that has oversight responsibility) and a number enrolled in Medicare."
"The DMHC has opened an investigation into Health Net's security practices," said DMHC spokesperson Lynne Randolph. "Health Net has agreed to provide two years of free credit monitoring services to its California enrollees, in addition to identity theft insurance, fraud resolution and restoration of credit files, if needed."
In a statement posted on its website, Health Net did not specify the number of servers, saying only that there are "several," nor did the company specify the number of enrollees whose data may be compromised. It characterized the files as "unaccounted for." Asked if the DMHC's statement regarding the scope of the breach is accurate, Health Net spokesman Brad Kieffer says, "Our press release constitutes our statement to the media."
The Los Angeles-based health plan said the investigation "follows notification by IBM, Health Net's vendor responsible for managing Health Net's IT (information technology) infrastructure, that it could not locate several server drivers.
"Personal information of some former and current Health Net members, employees and health care providers is on the drives, and may include names, addresses, health information, Social Security numbers and/or financial information," the Health Net statement said.
Health Net says it is notifying the individuals whose information is on the drives "out of an abundance of caution."
- $6.4B Henry Ford, Beaumont Merger Failed on Cultural Hurdles
- Fortunately, Angelina Jolie Isn't On Medicare
- Don't Let Nurses Sink Your Bottom Line
- House Lawmakers Grill CMS Over Health Exchange Navigators
- How Chargemaster Data May Affect Hospital Revenue
- Hospitals Profit On Bloodstream Infections
- Primary Care Docs Average More Hospital Revenue Than Specialists
- Hospital Pricing Transparency a Marketing Game Changer
- Less Blood Testing for Some Surgeries Safe, Cost Effective
- ED Physicians Key to Half of Hospital Admissions
Comments are moderated. Please be patient.
David Harlow JD MPH (3/15/2011 at 9:51 AM)
It's both surprising and unsurprising that this has happened again to HealthNet. See http://j.mp/9ICQtq for more detail on the CT case last year. See http://j.mp/ebf0Lv and http://j.mp/grXqMf for info on recent MA and MD cases (not HealthNet). In these several cases, we have examples of individual sloppiness, of ineffective corporate policies and procedures, and of gross neglect/fraud/incompetence. The question arises: is HIPAA (and the state law analogues) the right instrument to address all three sorts of problems? Since it seems that it is not having an effect on any of them, I would suggest that the answer is no. We need to retrench and figure out how best to address each of these scenarios.