Health Net data breach likely caused by theft, Connecticut official says

The state attorney general also questions whether the health information leaked was as indecipherable as the plan claimed.

By Emily Berry — Posted Dec. 24, 2009

Print  |   Email  |   Respond  |   Reprints  |   Like Facebook  |   Share Twitter  |   Tweet Linkedin

Health Net is defending its account of a data breach earlier this year, following criticism by Connecticut Attorney General Richard Blumenthal, who said the data disk the company claimed had "gone missing" from its Shelton, Conn., office most likely was stolen.

Citing a report by Kroll, a security firm Health Net hired to investigate, Blumenthal said in a Dec. 7 announcement that Health Net's story contradicted what its own consultants found.

"Health Net has gone out of its way to dismiss and downplay this serious security breach when it should have been focusing on notifying and protecting people who may be at risk of financial fraud or having health information leaked," Blumenthal said.

The disk, which contained physician information, disappeared in May. Health Net did not notify anyone until November. The company said it needed to investigate exactly what was on the missing drive before notifying the state attorney general's office.

Blumenthal noted that two laptops were stolen from the same building around the same time, supporting the possibility that the disk was stolen, not lost.

He also said that although Health Net claimed that the data on the disk could be read only with proprietary software, Kroll noted that "common, commercially available" software could decode it.

Matthew Katz, executive vice president for the Connecticut State Medical Society, said the group was "outraged" to learn from Blumenthal's announcement that the lost data weren't as indecipherable as Health Net claimed. "How do we now trust anything Health Net has said regarding the data breach?"

In response to Blumenthal's comments, Health Net released its own statement: "The [Kroll] report states that there could have been numerous scenarios that explained the disappearance of the missing drive, and that there was insufficient evidence to determine which, if any, of the scenarios was the most likely."

Health Net agreed to pay for two years of credit monitoring for anyone -- patient or physician -- affected by the breach. Data on the missing equipment also includes physicians and patients from New Jersey and New York.

In July, UnitedHealth Group announced it would buy Health Net's northeastern U.S. operations, which are affected by the missing data.

Back to top



Read story

Confronting bias against obese patients

Medical educators are starting to raise awareness about how weight-related stigma can impair patient-physician communication and the treatment of obesity. Read story

Read story


American Medical News is ceasing publication after 55 years of serving physicians by keeping them informed of their rapidly changing profession. Read story

Read story

Policing medical practice employees after work

Doctors can try to regulate staff actions outside the office, but they must watch what they try to stamp out and how they do it. Read story

Read story

Diabetes prevention: Set on a course for lifestyle change

The YMCA's evidence-based program is helping prediabetic patients eat right, get active and lose weight. Read story

Read story

Medicaid's muddled preventive care picture

The health system reform law promises no-cost coverage of a lengthy list of screenings and other prevention services, but some beneficiaries still might miss out. Read story

Read story

How to get tax breaks for your medical practice

Federal, state and local governments offer doctors incentives because practices are recognized as economic engines. But physicians must know how and where to find them. Read story

Read story

Advance pay ACOs: A down payment on Medicare's future

Accountable care organizations that pay doctors up-front bring practice improvements, but it's unclear yet if program actuaries will see a return on investment. Read story

Read story

Physician liability: Your team, your legal risk

When health care team members drop the ball, it's often doctors who end up in court. How can physicians improve such care and avoid risks? Read story

  • Stay informed
  • Twitter
  • Facebook
  • RSS
  • LinkedIn