Managed care company loses data on 446,000 patients

December 10, 2009

The Connecticut attorney general's office is investigating the loss of health information of 446,000 state residents by managed care company Health Net and the company's six-month notification delay.

The Connecticut attorney general’s office is investigating the loss of health, personal, and financial information of 446,000 Connecticut residents by managed care company Health Net, as well as the company’s six-month delay in informing consumers and the state of the breach. Both actions may violate state and federal law, according to an announcement from the state.

“Another day, another data breach, but companies still don’t get it: personal information is like cash and should be guarded with equal care. Casual and cavalier attitudes toward data protection and breaches are intolerable and must stop,” Attorney General Richard Blumenthal said in the announcement. He is asking the company to provide two years of identify theft protection for affected patients.

 The information was on a hard drive that disappeared from Health Net’s office in Shelton, Connecticut. The data, including Social Security numbers and other information, was compressed but not encrypted, although a specialized computer program is required to read it.