Following on from last weeks blog, it appears another Californian based organisation has suffered a substantial data breach.
On Monday, Health Net released a statement saying it had lost the records for 1.9 million people from its hard drives. The data could have information pertaining to people’s names and addresses as well health and financial information. The company states a full investigation has been launched.
The missing data was spotted by IBM, who support Health Net’s IT infrastructure, when they couldn’t locate nine hard drives running on the company’s servers within their data centre.
Beth Givens, director of consumer organisation Privacy Rights Clearinghouse, says the breach is one of the top 20 security breaches since 2005 in the whole of the U.S. And with the drive containing un-encrypted data was of concern; she goes on to say “The fact that a server drive is unaccounted for is astounding. Under California law this wouldn’t even be a breach if the data had been encrypted. And relative to the expense of notifying affected individuals, (encrypting records) is not expensive.”
No statement was forth coming from the company itself beyond the news release. Given the recent statistics from the Ponemon Institute concerning cost to a company per lost record ($214 per record), the financial implications of this breach could be sizeable. Health Net also suffered another data breach in 2009 when a USB hard drive went missing from their head quarters in Connecticut with the loss 1.5 million customer records.
Health Net is offering two years of free identity theft insurance and credit monitoring to help those affected, with a hotline being set up for individuals concerned by the current breach.