By Melanie Griffith
After Health Net, Inc. in California announced on Monday that several of the data servers that contained sensitive health and personal information on its enrollees were unaccounted for, state officials said that the security violation involves "personal information for 1.9 million current and past enrollees nationwide."
The only stand-alone HMO watchdog agency in the nation, California Department of Managed Health Care also provided further details beyond the statement of the plan, saying that the records missing from the nine servers are "for more than 622,000 enrollees in Health Net products regulated by the DMHC, more than 223,000 enrolled in the California Department of Insurance products (another state agency that has oversight responsibility) and a number enrolled in Medicare."
DMHC spokesperson Lynne Randolph said, "The DMHC has opened an investigation into Health Net's security practices. Health Net has agreed to provide two years of free credit monitoring services to its California enrollees, in addition to identity theft insurance, fraud resolution and restoration of credit files, if needed."
In a statement posted on its website, neither did Los Angeles-based health plan specify the number of servers, only saying that there are "several," nor did they specify the number of enrollees whose data may have been compromised. The files have been characterized as "unaccounted for." On being asked if the DMHC's statement regarding the scope of the breach is accurate, Health Net spokesman Brad Kieffer said, "Our press release constitutes our statement to the media."
Health Plan said that the investigation "follows notification by IBM, Health Net's vendor responsible for managing Health Net's IT (information technology) infrastructure, that it could not locate several server drivers." The Health Plan statement said, "Personal information of some former and current Health Net members, employees and health care providers is on the drives, and may include names, addresses, health information, Social Security numbers and/or financial information."
Health Net added that it is notifying the individuals whose information is on the drives "out of an abundance of caution."
