NEWARK, N.J. (Legal Newsline) — New Jersey Attorney General Christopher S. Porrino announced Feb. 17 that Horizon Healthcare Services Inc., the state’s largest health care provider, will pay $1.1 million and improve data security practices after allegations of failing to properly protect the privacy of close to 690,000 New Jersey policyholders.
According to Porrino’s office, the company had the personal information of all these consumers stored on two laptops at its headquarters. These laptops were stolen.
During the weekend in which the theft occurred, numerous outside vendors were working in the headquarters and had access to these laptops. Porrino said the personal information of consumers was not encrypted, as is required by the federal Health Insurance Portability Accountability Act, as amended by the Health Information Technology for Economic and Clinical Health Act (“HIPAA/HITECH”).
“Protecting the personal information of policyholders must be a top priority of every company. Customers deserve it and the law demands it,” said Steve Lee, director of the Division of Consumer Affairs. “Horizon Blue Cross Blue Shield of New Jersey’s alleged security lapses risked exposing policyholders’ most private information to the public, leaving them vulnerable to identity theft. This settlement ensures that Horizon BCBSNJ will maintain appropriate data privacy and security protocols to prevent future data breaches.”
Handling the case for New Jersey were deputy attorneys general Elliott M. Siebers and Russell M. Smith Jr., and assistant attorneys general John M. Falzone III and Brian McDonough.