Connecticut Insurance Commissioner fines Health Net for major data breach

The fine was part of an agreement reached between the agency and the company that also included Health Net agreeing to provide credit monitoring protection for two years to all Connecticut members and providers who were affected by the 2009 data breach.

The data breach concerned the loss of a disk drive containing personal health information of 500,000 members and Health Net's “untimely notification” of that loss to the Connectictut Insurance Department.

The department said that “Health Net has undertaken significant steps to improve data and equipment security.” The company has also agreed not to pass along the costs of the data securilty improvements to Health Net members.

“We are pleased with the way Health Net responded to the Department’s concerns regarding its internal practices. I believe they have taken the proper actions to implement systemic changes and guard against injury to its members resulting from the lost disk drive”, said Commissioner Thomas Sullivan.

Health Net spokeswoman Lauralee Heckman told the Hartford Courant that the company had no evidence of misuse of the lost data.

The credit monitoring being provided by the company includes $1 million of identity theft insurance coverage and enrollment in fraud resolution services for two years, Heckman said.

The health insurer first reported the lost information in November 2009, six months after it went missing. During that six months, Health Net officials had hired an independent computer company to determine the amount and nature of the information on the hard drive, the newspaper reported.

What’s Hot on Infosecurity Magazine?