Health Net Breach Affects 1.9M

Managed health care provider Health Net has revealed that it lost the personal information of 1.9 million current and past enrollees, its second massive breach in 16 months.  In November 2009, the company lost a hard drive containing 1.5 million customer medical records.

Health Net provides health benefits to approximately six million people.  In this most recent incident, several server hard drives containing the personal information – names, addresses, health information, Social Security numbers and financial data – of former and current Health Net members, employees and health care providers recently went missing from its data center in Rancho Cordova, Calif.

Health Net began investigating the most recent incident after IBM, responsible for managing Health Net’s IT infrastructure, said it could not find the drives.  No word on whether or not the data was encrypted, but that generally indicates that it was not.  It sounds to me like someone had better be taking a long hard look at how hard drives and other media are handled, managed, and transported at this location, and by this vendor.  You rarely learn anything the SECOND time you are kicked by the same horse.