Hartford-based Aetna Inc. recently told the federal government it was involved in two data breaches affecting more than 11,600 people.
On Feb. 27, Aetna filed two reports about the breaches with the U.S. Department of Health and Human Services Office for Civil Rights, according to the office’s online data breach portal. Both reports indicate they involved “unauthorized access or disclosure.”
One data breach affected 10,888 individuals, while the other affected 775, the listings state.
The listings also indicate the breaches occurred via an unidentified “business associate” and that it involved “paper or films.”
No additional information is provided on the portal.
A spokesperson for CVS Heath, the parent company of Aetna, provided a statement via email saying the filings relate to incidents that occurred in 2025 involving mailings sent by Aetna on behalf of two health plans.
“An error in the mailing distribution process resulted in letters sent to members that may have included an individual that was not on their health plan,” Aetna said in its statement.
The statement did not provide any additional detail about the letters.
“Aetna places the highest priority on protecting members’ privacy and regrets that this situation occurred,” the company’s statement said.
It added that Aetna has taken steps to address the issue and prevent it from recurring, and has notified affected individuals and offered complimentary credit monitoring.
