There was another data breach in the Constitution State.
Health insurer Health Net became the latest company that lost data containing personal, financial and medical information of almost 450,000 Connecticut residents.
The data disappeared from Health Net’s Shelton office in May, but the company never informed consumers, the police or state officials about the breach until last week, raising the ire of Attorney General Richard Blumenthal who said the six-month delay could be a violation of the law.
“I am outraged and appalled by Health Net’s huge loss of personal, financial and medical information and its failure to swiftly inform authorities and consumers,” Blumenthal said.
Blumenthal said the information was on a hard drive, which included all data on 446,000 Connecticut patients, including health information, as well as financial and personal data such as social security and bank account numbers. The data was compressed, but not encrypted, although a specialized computer program is required to read it.
Alice Ferreira, a spokeswoman for Health Net, said they were initially unable to determine what information was on the lost drive, forcing the company to conduct a lengthy investigation, which included a detailed forensic review by computer experts.
“Protecting the privacy of our members is extremely important to us,” the company said in a statement. “We apologize for any inconvenience or concern this may cause our members.”
To date, the company said it has not had any reports of misused data.
This is not the first data breach impacting Connecticut residents. Earlier this month, Blumenthal demanded more answers and identity-theft protection for nearly 19,000 health professionals in the state whose confidential data was on a stolen laptop computer taken from the Blue Cross and Blue Shield Association in the Chicago area.
The laptop disappeared in August, but Anthem didn’t notify the affected doctors, therapists and other professionals about the breach until October, a move that also drew criticism from Blumenthal. In a statement, Anthem Blue Cross and Blue Shield said “it takes very seriously its obligation to protect the personal information of members and providers.”
In addition, last year the Bank of New York Mellon lost a computer backup tape that reportedly contained the personal and financial information hundreds of thousands of Connecticut bank depositors, including customers of People’s United Bank.
