Jepsen gets involved in data breach
HARTFORD, Conn. (Legal Newsline) - Connecticut Attorney General George Jepsen announced on Monday that he has contacted a health care company that allegedly may have compromised the identity and credit protection of approximately 25,000 consumers in Connecticut.
Health Net has admitted that nine of its unaccounted server drives from its Rancho Cordova, Calif., location contain information on 24,599 Connecticut residents. This includes information for 18,279 Medicare subscribers, 700 Medicaid subscribers and 5,620 commercial subscribers.
In a letter to the company, Jepsen requested pertinent information about the data breach, including all steps the company has taken to protect the individuals affected. He also wants assurances that this will not happen again.
"Health insurance companies have access to very sensitive and personal information. They have a duty to protect that information from unlawful disclosure," Jepsen said. "I am asking the company to provide credit monitoring services for two years, identity theft insurance and security freeze reimbursements for the customers affected."
The state reached a settlement with Health Net of the Northeast Inc. in July over a computer disk drive lost in May 2009 that allegedly contained sensitive information regarding protected health and other private information for over 500,000 Connecticut citizens and 1.5 million consumers nationwide.
Information contained on the drive included names, addresses, Social Security numbers, protected health information and financial information.
The state reached a $250,000 settlement with Health Net, as well as parent companies UnitedHealth Group Inc. and Oxford Health Plans. The agreement resolved allegations that the company was in violation of the federal Health Insurance Portability and Accountability Act of 1996.