Health Net Breach Impact GrowsIncident Tops OCR's List of Major Breaches
The insurer originally said that 2 million people nationwide were affected, 124,000 of those in Oregon. But Health Net Oregon president Chris Ellertson said in an e-mail to the Oregon Insurance Division last month that an additional 6,300 Oregonians were affected by the breach, bringing the total number to 130,000 for Oregon, according to an article from The Oregonian.
Personal information affected included names, addresses, social security numbers and health and financial information.
James Woys, Health Net's chief operating officer, sent an apology to customers in a letter dated July 27. "We have recently discovered that there was an error in the data analysis and your SSN was included on the unaccounted for drivers," he wrote. "We sincerely apologize for this mistake."
The breach, which was discovered Jan. 21, stemmed from missing server drives at a data center managed by IBM.
In its March 14 press release posted on its website, Health Net said its investigation of the January breach incident "follows notification by IBM, Health Net's vendor responsible for managing IT infrastructure, that it could not locate several server drives" at a data center in Rancho Cordova, Calif. "After a forensics analysis, Health Net has determined that personal information of some former and current Health Net members, employees and health care providers is on the drives," the company stated. That information may include names, addresses, health information, Social Security numbers and/or financial information.
Health Net is offering those who may have been affected "two years of free credit monitoring services, including fraud resolution and, if necessary, restoration of credit files, as well as identity theft insurance."
As a result of the breach, multiple investigations are underway. In addition to OCR, the California Department of Managed Healthcare, the California Department of Insurance, the Connecticut attorney general and now the Oregon Department of Consumer and Business Services' Division of Finance and Corporate Securities are investigating the incident.