State Regulators Launch Investigations of Health Net’s Security Breach
The Department of Managed Health Care also is investigating the security breach. In addition, Woodland Hills-based Health Net said it is conducting its own investigation into the incident (Helfand, Los Angeles Times, 3/16).
On Monday, Health Net announced that nine server drives had gone missing from the insurer's Rancho Cordova data center. Health Net said the drives might contain names, Social Security numbers, addresses, health information and financial data.
Of the affected policyholders, about 845,000 are California residents (Colliver, San Francisco Chronicle, 3/16).
Health Net has started notifying people whose information is contained on the drives (Glover, Sacramento Bee, 3/16). The insurer said it will offer two years of no-cost credit monitoring and fraud resolution services to affected individuals, as well as credit restoration and identity theft insurance if needed.
On Tuesday, Insurance Commissioner Dave Jones (D) said DOI would investigate Health Net to determine whether the insurer "did everything it could have done to avoid and appropriately remedy this security breakdown."
The commissioner also requested that Health Net send the results of its internal investigation to his agency (Los Angeles Times, 3/16).
Depending on the findings of the state investigations, the health plan could face fines (Goldberg, "KPBS News," KPBS, 3/15).
Delay in Notification
In related news, a hotline that Health Net launched on Tuesday indicated that the insurer discovered the data breach on Jan. 21.
Health Net officials declined to comment about the reporting delay or offer new information about the breach (San Francisco Chronicle, 3/16).This is part of the California Healthline Daily Edition, a summary of health policy coverage from major news organizations. Sign up for an email subscription.