Health Net says that it provides health benefits to approximately 6 million people in the U.S. through health plans and government-sponsored managed care plans in group, individual, Medicare Part D, Medicaid, Department of Defense and TRICARE and Veterans Affairs programs. Its behavioral health services subsidiary, Managed Health Network, Inc., provides behavioral health, substance abuse and employee assistance programs to approximately 5.4 million individuals.
Health Net also includes this statement: "To help protect the personal information of affected individuals, Health Net is offering them two years of free credit monitoring services, including fraud resolution and, if necessary, restoration of credit files, as well as identity theft insurance. These services will be provided through the Debix Identity Protection Network."
The files reportedly went missing from Health Net's data center in Rancho Cordova, near Sacramento.
This is the second time in less than a year that the large national health plan had a major breach of personal health information.
In January of this year, Health Net paid for the third time over its loss of a portable disk drive that exposed PHI of 1.5 million people. Vermont's state attorney general fined the insurer $55,000; the case included 525 Vermonters.
Health Net discovered the drive was missing May 14 but did not start notifying affected parties until more than six month later, the state AG's office reported.
Vermont Attorney General William Sorrell's January 14 complaint against Health Net, Inc., and Health Net of the Northeast, Inc. charges the insurer with violations of HIPAA, Vermont's Security Breach Notice Act, and the Consumer Fraud Act.
Regarding the same breach, Health Net not only settled with the Connecticut state attorney general's office for $250,000, but also with the Connecticut Insurance Commission. That state AG's office reached a settlement with Health Net in which the insurer had to pay the state $375,000 in penalties for failing to safeguard the personal information of its members from misuse by third parties.
Additional reporting provided by HCPro's Dom Nicastro.