Today, we are living in an extremely competitive world. At every instant, every action there’s a risk involved. Risk of data loss, data which is extremely critical and confidential. This is why data security is a component for any business. If you do not live upto the expected standards there are bound to be severe problems.

Today’s case in point is Health Net of Connecticut. Lets look at the sequence of events !

The Attorney General (AG) of Connecticut, Mr. Richard Blumenthal has apparently filed a legal case against Health Net of Connecticut for causing the leak of for highly confidential medical records of patients. It is believed that the loss has been attributed to financial information as well and scales over to 4,46,000 records.

In a right move, Bluementhal has also demanded the harddisk encryption of all electronic data which is guided by the Health Insurance Portability and Accountability Act (HIPAA).

Since the HIPAA has been violated, this case also demonstrates severe action taken by State attorney general.

A statement issued by Bluementhal said, “Protected private medical records and financial information on almost a half million Health Net enrollees in Connecticut were exposed for at least six months—most likely by thieves—before Health Net notified appropriate authorities and consumers”. “The staggering scope of the data loss, and deliberate delay in disclosure, are legally actionable and ethically unacceptable. Even more alarming than the breach, Health Net downplayed and dismissed the danger to patients and consumers.”

The data leak incident

It was about ‘8′ months ago when it was discovered that a portal computer hard disk was misplaced from the Shelton office of the company. The contents of the disk contained the following data of 4,46,000 enrollees:

1. Social security number (SSN)
2. Confidential health info
3. Bank account number

Part of the leakage was also due to carelessness on behalf of the official at Health Net. They didn’t bother to inform the authorities about this incident.

The mission information had over 27 million pages, 120 categories of document and contained the following:

1. Insurance claim forms
2. Membership forms
3. Appeals and Grievances
4. Correspondence/Medical records

According to us the biggest problem in this case was the storage device for data. Instead of using a secure server, a portable disk drive was used for capturing highly confidential information.

It was understood that the company officials at Health Net had hired an independent computer company, Kroll, to understand and estimate the type and the amount of data on the hard drive. In addition, few weeks back the experts at Kroll had determined the theft of two laptops again raising serious security eyebrows about laptop security and laptop encryption mechanism.

Had the data been encrypted or protected from viewing access, it would have been better. The access to unauthorized persons or third parties could have been avoided by stopping access to commonly used software.

On their part Health Net told IFAwebnews.com that “protecting the privacy of our members is extremely important to us” and that company policy requires all data to be encrypted and secured. “To date, Health Net has no evidence that there has been any misuse of the data,” the company, which is offering two years of free credit monitoring to all affected members, said.

Related articles by Zemanta

• Health Net Sued By Connecticut Attorney General – Someone’s Enforcing HIPAA For A Change (ducknetweb.blogspot.com)
• Health Net Data Breach – 1.5 Million Records At Risk With Missing Portable Hard Drive (ducknetweb.blogspot.com)
• Health IT Roundup: Problems With Privacy, Access To Records Highlighted In News Reports (medicalnewstoday.com)

• Previous Entry: Preventing Twitter Outage
• Next Entry: The Cost of a Data Security Breach