A second state’s attorney general is opening an investigation into the Health Net breach that was only recently revealed six months after the data were either lost or stolen. From the press release from Arizona Attorney General Terry Goddard:
Attorney General Terry Goddard today called on Health Net, a Connecticut-based insurance company, to immediately notify its Arizona policyholders whose personal, medical and financial information was either lost or stolen in a data breach that occurred six months ago.
He said further that his Office will open an investigation to determine whether a state law requiring prompt notification was violated.
Health Net notified the Arizona Department of Insurance on Wednesday that a hard drive containing personal data on some 316,000 present and former Arizona policyholders has been missing since May from the company’s headquarters in Shelton, Conn. The company has yet to contact the affected policyholders about the breach, however, saying it plans to send letters to them soon.
“Health Net’s failure to notify its customers after all this time appears inexcusable,” Goddard said. “The breach apparently includes sensitive personal health information as well as financial information that could put people at risk of identity theft. There can be no further delay; the company needs to provide notification as quickly as possible.”
Arizona law requires notification of individuals affected by an unauthorized acquisition and access of computerized personal information “in the most expedient manner possible and without unreasonable delay.”
Goddard said a letter citing that law was sent to the company Thursday. It also requests additional information about the data breach. A copy of the letter is attached.
Health Net said it will provide free credit monitoring for two years for all affected customers who request it. The company said it has not received any reports so far of misused data.
A company spokeswoman said the missing hard drive contains Social Security numbers, medical records and health information going back to 2002 for 1.5 million past and present customers in four states: Arizona, Connecticut, New York and New Jersey. Health Net is one of the country’s largest publicly traded managed care companies with some 6.6 million customers across the country.
A Health Net spokeswoman said customers with questions could call the company phone number on the back of their benefits card.