Health Net, Inc., which provides health insurance coverage to 6 million people nationwide, reported that it is missing
data servers server hard disk drives containing health records and financial information for nearly 2 million individuals. They include current and past customers, employees and heath care providers. Social Security numbers were included for some individuals.
Health Net informed the Washington Attorney General’s Office on Monday that “approximately 39,877" Washington residents may be affected by the data breach.
The company is contacting affected individuals this week by mail and offering them two years of free credit monitoring through Debix Identity Protection Network. The service includes $1 million in identity theft insurance coverage. Health Net will also reimburse affected individuals for any fees associated with applying or thawing a credit freeze, the company said in its letter.
The company said it was notified by IBM, which manages its information technology system, that it could not find the hard disk drives, which were being decommissioned as part of a move from Health Net’s data center operations in Rancho Cordova, Calif., to IBM’s facility in Boulder, Colo.
The San Diego Union-Tribune reports that the company actually discovered the drives were missing on Jan. 21. This is the company’s second security breach in less than two years. News reports indicate that in May 2009, an external hard drive was reported missing that contained medical claims and financial information for about 1.5 million customers. The data wasn't encrypted.
Washington residents affected by the breach should watch their mail for a letter from Health Net that includes instructions on how to register for the identity protection program and an activation code. They may also wish to freeze access to their credit reports. Information about obtaining a security freeze can be found on our Web site at /freeze.aspx.
Here's the news release from Health Net.