Health Net, who recently settled the first HIPAA-related lawsuit for the 2009 loss of a computer disk drive that put 1.5 million patients at risk, has suffered another data breach of a sizeable nature.
The unexplained loss of 9 server drives at its data center has put 2 million Health Net members, employees and health care providers at risk. names, addresses, health information, Social Security numbers and/or financial information
Aside from the large nature of this breach, and the suspicious and potentially increasingly risky loss of so many server drives from an IBM data facility, would be cause enough for media and consumer alarm. However, Health Net has come under criticism for failing to contact customers for nearly 1 month. The breach, discovered on January 21st, was not disclosed until March 14th. No information about the cause of the delay has been released.
"How can nine drives go missing? Could this possibly be an inside job?" asked Beth Givens, director of the nonprofit consumer group, which is based in San Diego and tracks such breaches. "There are more questions than answers."
Health Net is offering affected individuals 2 years of free credit monitoring services, including fraud resolution and, if necessary, restoration of credit files, as well as identity theft insurance.