Conn. AG Calls for Health Net Breach Investigation

There’s a new twist in the story of insurance company Health Net’s data loss in May. According to Newstimes.com, Connecticut Attorney General Richard Blumenthal is calling on the FBI to investigate the case.  The news site reports that Blumenthal has said a breach “of this magnitude and severity is absolutely appalling.” Also bothering the AG is the company’s delay in notifying state and federal law enforcement officials—according to the article, Health Net waited seven months. Company spokeswoman Alice Ferreira says the company waited to notify the public “in large part because of its desire to fully understand the breach and the extent of damage,” according to staff writer Robert Miller.


According to a Nov. 19 story appearing in The Hartford Courant, a portable, external hard drive containing “Social Security numbers, medical records and health information dating to 2002 for 1.5 million customers—past and present—in Arizona, Connecticut, New Jersey, and New York” disappeared from the company’s Shelton, Conn. headquarters. The data was compressed but not encrypted. According to the paper, it requires a “special computer program to be read, state and company officials said.”

About 440,000 of the customers affected live in Connecticut, according to Newstimes.com. Data breaches involving Connecticut residents are nothing new in recent months, the Courant reported—in November, “Anthem Blue Cross and Blue Shield of Connecticut reported that a laptop was stolen this summer in the Chicago area, compromising personal information of nearly 850,000 doctors, therapists and other health care providers in 50 states, including 19,000 in Connecticut,” according to the paper.

While Health Net hasn’t released any conclusions about how the drive went missing, Blumenthal’s office has suggested that it was most likely a theft. The Connecticut AG worries that some of the information that went missing—including prescription records and doctors’ diagnoses—could be used for blackmail if it ends up in the wrong hands, according to Newstimes.com, a concern that goes beyond the scope of typical post-data breach worries about identity-related fraud.