AvMed Breach Now Affects 1.2 Million
Largest incident reported so far under HITECH rule
That makes the breach the largest reported so far to federal authorities under the HITECH Act's Breach Notification Rule. A BlueCross and BlueShield of Tennessee breach caused by the theft of hard drives affected nearly 1 million.
In February, when it initially revealed the Dec. 11, 2009, incident, the Florida insurer said 208,000 current and former members had been affected. Later, it upped that total to 360,000 and notified them all.
Results of investigation
"As this investigation progressed with the involvement of leading data security experts, AvMed has concluded that there is reason to believe that similar information of approximately 860,000 additional current and former members may have been included," the insurer said in a June 3 statement. The company hired a forensics team from PricewaterhouseCoopers to help pinpoint the data involved, an AvMed spokesman says.
The two laptops were stolen from an AvMed facility in Gainesville, Fla., and one, which contained encrypted patient information, was recovered with the help of a tracking mechanism, the spokesman says. The other device, not yet recovered, held unencrypted information, including names, addresses, dates of birth, Social Security numbers and healthcare details. "There has been no evidence that any personal information has been misused as a result of this incident," the company said.
Notification efforts
Beginning the week of June 7, the 860,000 additional individuals affected will receive letters of notification offering two years of free identity protection from the Debix Identity Protection Network.
In addition, Florida Attorney General Bill McCollum, who is conducting an investigation, encouraged AvMed members to monitor their credit statements for possible fraud.
"We are strengthening our data security capabilities and procedures to help ensure this type of incident does not occur again," said Ed Hannum, the insurer's president and COO. AvMed is in the process of encrypting all its laptops, the spokesman acknowledges.