The health insurer said that it is conducting an investigation into several server drives that are “unaccounted for” at its data center in Rancho Cordova, Calif. The investigation follows notification by IBM, the vendor responsible for management of its IT infrastructure, that it could not locate the server drives.
“After a forensic analysis, Health Net has determined that personal information of some former and current Health Net members, employees and health care providers is on the drives, and may include names, addresses, health information, social security numbers and/or financial information”, Health Net said in a statement.
Although Health Net did not disclose the number of members affected by the breach, the California Department of Managed Health Care (DHMC) said the breach involved the loss of nine server drives containing personal information on 1.9 million current and past members.
The DMHC said that Health Net agreed to provide two years of free credit monitoring services to California members affected by the data breach.
This data breach follows one in 2009 that affected 1.5 million customers. In that breach, Health Net lost an unencrypted hard drive that contained customers’ social security numbers, medical records, and health information from its Connecticut office. That breach resulted in a $375,000 fine by the Connecticut Insurance Commissioner.