Health Net loses sensitive data for 2M people
A health insurance company that provides coverage to 6 million people nationwide said Monday it is missing data servers containing the health records, financial information and Social Security numbers for nearly 2 million current and past clients.
Health Net Inc. said Monday it cannot account for several hard drives from a data center in the Sacramento suburb of Rancho Cordova.
The Woodland Hills-based managed care company would not disclose how many people could be affected, but the California Department of Managed Health Care placed the number at 1.9 million. In a news release, the department said nine server drives are missing and that it is conducting its own investigation into the company's security practices.
Posted on March 17, 2011 at 02:47 PM
Monitor your credit report
Federal law gives you the right to one free credit report from each of the three credit bureaus on an annual basis. Requesting your free credit reports on a regular basis can help you spot problems early, such as identity theft or erroneous debts. Don’t fall prey to the confusing ads for free credit reports that you see on TV. The official site for your free yearly credit report is www.annualcreditreport.com.
Don’t share sensitive information on social networking sites
People store massive amounts of personal information on such sites, including birth dates, place of birth, phone numbers, vacation plans and more. Not only is this information a gold mine for marketers and unscrupulous individuals, but it may also be used against you by current and future employers.
Request a copy of your medical records
The federal rule HIPAA gives you the right to access your medical records. Health care providers must give you a copy of their privacy notice. This includes doctors, pharmacies, dentists, and other healthcare professionals. It’s important to request copies of your medical records because you never know when your doctor or dentist might retire or close up shop. And it's prudent to watch for signs of medical identity theft.
Don't let debt collectors push you around: you have rights
The federal Fair Debt Collection Practices Act gives you rights when debt collectors call. We’ve heard of debt collectors contacting family members, neighbors, and employers, as well as threatening jail time. A collector should not discuss your account with third parties or use the phone to harass you. Request debt collectors contact you in writing.
When applying for a job, request a copy of your background check
If you are applying for a job, potential employers must obtain your written permission before performing a background check. Under the federal Fair Credit Reporting Act, companies must tell you if they didn’t hire you because of the background check and give you information on how to request a copy of the report.
Cord Blood Registry Data Theft [UPDATED 3-7-11]
The author received a notification letter as a customer of CBR dated February 14, 2011.
A CBR computer and data backup tapes were stolen from an employee's locked automobile. The stolen tapes contained customer names, Social Security numbers, driver's licenses and/or credit card numbers. This is the "mother lode" of personal identifying information for identity thieves.
CBR said in their letter to those affected: "CBR hired computer security experts to investigate the incident and they determined that there is no indication that the personal information has been accessed or misused." This is a typical PR spin statement that companies who have suffered a breach use to make their customers feel better. Unfortunately, it is, at best, meaningless. How could they really know whether the information was used to commit identity fraud? If they have a method, we're all ears.
There is no mention of the stolen computer and data tapes on the company web site or blog.
Cord Blood Registry® (CBR®) is the world's largest stem cell bank. The company is entrusted with storing more than 350,000 cord blood collections for individuals and their families. Its headquarters are in San Bruno, California, and its laboratory and storage facility is located in Tucson, Arizona.
UPDATE 3/3/11: Read the police report. The theft happened on December 13, 2010. The CBR employee had the computer and data tapes in a backpack in the trunk of his car. He left it unattended at 11:35pm and returned around 15 minutes later to find that it had been broken into. The location of the theft is actually a large data center at 365 Main St in San Francisco.
UPDATE #2 3/3/11: This breach appears to affect virtually EVERY CBR customer (over 300,000). You can read the breach notification letter. For help, call CBR at (888) 578-4480.