Log in

Posts Tagged ‘Health insurance’

Wellpoint Sued by Indiana AG Over Health Data Breach

November 4th, 2010

The Monetary Value: $300,000

The Fault: Delay in notification to customers about online exposure of medical records, credit card numbers and other sensitive information.

Health insurer Wellpoint is facing allegations in a law suit as apparently critical consumer health data was at risk for over 137 days on the website of Wellpoint. Apparently, the Consumer health data was at risk for 137 days through an unsecured Wellpoint website.

The attorney in the region of Indiana has filed suit against health insurer Wellpoint for causing un-necessary delay in notifying customers about the data breach. According to the law in Indiana, businesses are required to notify individuals who are affected by data breaches. In addition, the businesses are also required to notify the attorney general’s office about the breach.

As per the information that has been conveyed by the attorney general’s office, the exposed data includes social security numbers, health records, financial information. This is data of over 32,000 customers across Indiana. The data was available during the months of October 2009 and March 2010 and as stated above it was for a period of 137 days. The data was submitted to Wellpoint from applicants seeking insurance coverage.

As per the Attorney General Zoeller, WellPoint learned of the breach, which had affected more than 32,000 Indiana citizens, on Feb. 22 itself but it did not begin notifying customers until almost four months later. In response the state is seeking over $300,000 in civil penalties.

“The Attorney General’s Identity Theft Unit continues to investigate the WellPoint data breach and encourages those who may have been affected to perform a credit check and a security freeze to guard against identity theft. By law, security freezes are available for free to residents of Indiana.”

From their side, the AG office had informed Wellpoint on separate dates in the months of February 22 and March 8 of this year. But apparently, Wellpoint only began notifying the customers on June 18, 2010.

AG office issued a statement in which they said, “While most inadvertent security breaches do not result in fraud, notifying those affected in a timely manner significantly reduces the risk of identity theft,”. “Situations involving the theft of personal information for the purposes of identity theft most often result in some form of fraud occurring within seven to 10 days”.

For detailed information please visit the informationweek link.

How Alertsec Xpress Would Have Helped

Feel worried after reading the above news story? Have potentially un-secure data in your enterprise? This could be you!! Don’t wait to take the right-decision and invest in computer security software on the right occassion.

In an incident which highlights the need of a data security and recovery software.The threat could have simply be reduced to an insurance matter by a mere investment of $13/month. The information would have been secure with no loss what so ever. That is certainly a small price to pay compared to what can happen if you lose confidential or sensitive data. Alertsec Xpress offers a very good and easy-to-use laptop security service that includes more than the traditional software licensing model. Feel free to subscribe for your personal 30-day free trial.

Indiana AG Sues Wellpoint Over Health Data Breach (informationweek.com)
Indiana AG sues WellPoint over data breach (thetechherald.com)
Indiana AG Sues WellPoint Over Data Breach (palisadesystems.com)

No comments »

Posted in Computer security, computer security software

Tags: Attorney general data breach Health insurance identity theft Indiana information week Law Social Security number WellPoint

$15000 spent by Fort Worth Medical Clinic in notifying patients of theft

August 10th, 2010

In June, four computers containing patients’ personal information including Social Security numbers, addresses, birth dates and diagnosis were stolen from Fort Worth allergy clinic.

This week Fort Worth Allergy and Asthma Associates spent $15,000 mailing letters notifying the clinic’s 25,000 patients of the burglary. Dr. Robert Rogers said “in terms of sensitive clinical information that could be taken, we’re an allergy clinic so I don’t think there was anything embarrassing taken, it’s bad enough that they did get identity information like Social Security numbers”.

“The cost of doing the mailing is more than cost of replacing the equipment,” Rogers added.

Since September, the Health Insurance Portability and Accountability Act (HIPAA) has required that a data breach involving unsecured protected health information of more than 500 people must be reported to the federal government. Also, all the affected parties and major news agencies must be informed of the data breach.

“None of the stolen property has been recovered. But to prevent a similar loss, all personal information is now stored in an off-site server with access allowed only through a secured, encrypted virtual private network”, Rogers said.

Prevent Data Breach with Alertsec Xpress

If you use a data security software a theft would simply be reduced to an insurance matter and cost of the hardware plus time to rebuild the laptop. That is certainly a small price to pay compared to what can happen if you lose confidential or sensitive data. Alertsec Xpress offers a very good and easy-to-use laptop security service that includes more than the traditional software licensing model. Feel free to subscribe for your personal 30-day free trial.

No comments »

Posted in AlertSec Xpress, computer security software, data breach

Tags: data breach data security Fort Worth Fort Worth Texas Health insurance Health Insurance Portability and Accountability Act Personally identifiable information Robert Rogers (soldier) Social Security number United States

AMR Data Breach: 79000 Employees info at risk

July 12th, 2010

: A Hard Disk Drive

The parent company of American Airlines, AMR has suffered from one of the largest and possibly the most severe data breach incidents in this year.

How did the breach happen?

The hard disk drive which contains sensitive information of over 79,000 employees was stolen from the Texas based corporate headquarters of AMR. The incident was reported at the company headquarters in Fort on June 4, 2010. Luckily no customer information was stolen.

How sensitive was the data?

The disk contained data of more than 79,000 current, former and retired employees and all of the data was very critical. The drive had images of microfilm files, containing names, addresses, dates of birth, Social Security numbers and a “limited amount” of bank account information. In addition there is a possibility that health insurance information could have been also included. Further, it could have contained details about coverage, treatment and other administrative information.

The employee data was spanning from 1960 through 1995 and included benefits information for employees still working for AMR’s various business units including American Airlines.

What could be the impact of the incident?

While no fines have been issued on AMR, going by the fines on other industries AMR could soon witness something similar. Apparently, the state regulators in California have handed out $675,000 in fines to 5 hospitals for security breach incidents of patient files.

What action did AMR take?

According to AMR spokeswoman Stacey Frantz no one has been arrested, nor any employee dismissed in connection with the theft. Frantz said, “The company delayed announcing the theft because it “needed time to understand the scope of the data” and to arrange one year of free credit monitoring for former employees and a small number of the company’s 86,675 active employees who may be affected”.

Like it happens in all incidents of these types, the company has started mailing out notification letters to all employees and retirees from the beginning of last week. To counter the problem, the company is offering a free year of credit-monitoring services. In addition, it is believed to have initiated new security procedures at its headquarters to prevent future data breaches of this magnitude.

People from the union have expressed their concerns about the loss of data and are also hoping that nothing serious comes out of the incident.

Patrick Hancock, national retirement specialist for the Association of Professional Flight Attendants, said, “We wish they were more careful with the data at the headquarters, like union people are careful with the airplanes out in the world”.

Is this Covered under HIPAA?

All of us are very well aware of Health Insurance Portability and Accountability Act of 1996 (“HIPAA”). The obvious question is whether this incident is considered under HIPAA or not? The answer is no and it because of the age of the files and other factors. But according to AMR they are definitely following HIPAA compliance, and will take measures to secure the confidentiality of all health and welfare information maintained by them.

Are you suffering from the breach?

In case you or someone know has been impacted by the breach incident, you can visit the frequently asked questions (FAQ Section) on website at www.amrfaq.com. The website also contains addition information and steps individuals may take to protect themselves.

If you use a data security software a theft would simply be reduced to an insurance matter and cost of the hardware plus time to rebuild the laptop. That is certainly a small price to pay compared to what can happen if you lose confidential or sensitive data. Alertsec Xpress offers a very good and easy-to-use laptop security service that includes more than the traditional software licensing model. Feel free to subscribe for your personal 30-day free trial.

No comments »

Posted in Data Protection, Uncategorized, data breach

Tags: American Airlines data security Health insurance Health Insurance Portability and Accountability Act insurance security Social Security Social Security number

Laptop theft at New Mexico

May 11th, 2010

: Image via Wikipedia

Laptop encryption is vital not only from a perspective of providing protection against laptop theft but also from a view of ensuring the data present inside laptop is secure and upto date.

A couple of months back, an employee for a company that processes dental benefits claims filed for a stolen car report. Apparently, the vehicle’s trunk contained an ‘un-secure/unencrypted’ laptop which had loads of patient information. On learning about the incident, the New Mexico Human Services Department started sending notification messages to nearly 10,000 users of the government’s low-income health insurance program about potential for ID theft.

The information of patients included:

Name
Health plan identification number
A provider identification number but not the name of the provider

Additionally, the agency has also notified 9,500 New Mexicans who use its Medicaid Salud plan about a possible security breach.

Apart from notification letters, the group has set up a toll-free call line through DentaQuest, 1-877-453-8424, to address queries from people affected by the incident. The helpline operates from 9:00 a.m. to 5:00 p.m. MDT, Monday through Friday.

According to the agency, “The computer was password protected but otherwise did not have safeguards to prevent unauthorized access to the information. At this time, the stolen car and laptop have not been recovered and it is not known whether the information on the laptop has been accessed.”

The theft and security breach has been reported to the U.S. Department of Health and Human Services.

Stay Secure with Alertsec

Alertsec is the frontrunner in offering hard disk encryption as a fully managed service. We provide protection for all information stored on laptops and PCs in an easy, convenient, and cost-effective way. Alertsec Xpress is powered by Check Point Full Disk Encryption – the global leader in data encryption software with millions of users worldwide! For more information, visit our website right now.