The first HIPAA-related lawsuit has just been filed by Connecticut Attorney General Richard Blumenthal. The AG is suing Health Net of Connecticut for failing to secure private patient medical records and financial information for 446,000 Connecticut residents and for failing to promptly notify those at risk from the breach.
In his lawsuit, Blumenthal is seeking a court order blocking Health Net from further HIPAA violations.
"Protected private medical records and financial information on almost a half million Health Net enrollees in Connecticut were exposed for at least six months—most likely by thieves—before Health Net notified appropriate authorities and consumers,” said Blumenthal. "The staggering scope of the data loss, and deliberate delay in disclosure, are legally actionable and ethically unacceptable. Even more alarming than the breach, Health Net downplayed and dismissed the danger to patients and consumers.”
A forensic consulting firm had determined that the data at Health Net was easily viewable, lacking encryption or other protections from unauthorized access. This went against company policies and against HIPAA compliance law.