Health insurer Centene Corp. “takes the privacy and security of our members’ information seriously,” said Michael F. Neidorff, chairman, CEO of Centene, announcing that six missing hard drives contain the name, address, date of birth, social security number, member ID number, and health information of 950,000 members. And oh yes, they’re disclosing the breach out of an “abundance of caution.” It’s not like they’re required to by HIPAA or anything, right?
Six missing hard drives all with unencrypted information? Why?
You can read their full press release below:
Centene Announces Internal Search of Information Technology Assets
ST. LOUIS, Jan. 25, 2016 — Today, Centene announced an ongoing comprehensive internal search for six hard drives that are unaccounted for in its inventory of information technology (IT) assets.
“Centene takes the privacy and security of our members’ information seriously,” said Michael F. Neidorff, Chairman, President and CEO of Centene. “While we don’t believe this information has been used inappropriately, out of abundance of caution and in transparency, we are disclosing an ongoing search for the hard drives. The drives were a part of a data project using laboratory results to improve the health outcomes of our members.”
Centene has determined the hard drives contained the personal health information of certain individuals who received laboratory services from 2009-2015 including name, address, date of birth, social security number, member ID number and health information. The hard drives do not include any financial or payment information. The total number of affected individuals is approximately 950,000.
“Consistent with our policies around communication and transparency, we are beginning the process of notifying all affected individuals and all appropriate regulatory agencies as we continue to search and investigate,” said Neidorff.
Notification to affected individuals will include an offer of free credit and healthcare monitoring. Centene is in the process of reinforcing and reviewing its procedures related to managing its IT assets.
SOURCE Centene Corporation
Clearly, Chariman Neidoff “didn’t get the memo”. You know, the one where someone told him that their security and compliance posture was “pants down” and that they needed budget to fix things.
To bad they don’t take their security as seriously as they do their PR spin.