Consider this entry:
“Penn Treaty Network America Insurance Company”,”PA”,””,”560″,”2010-06-04″,”Other”,”Other”,”2010-08-20″,””
There is no information on Penn Treaty’s web site. So what sense can we make of this entry? We can pretty much rule out the theft of a laptop or loss of paper records, but “Other” and “Other” could be so many things.
When I did a search for “Penn Treaty Network America Insurance Company”, data breach & 2010, I found an SEC filing by Wellpoint, Inc, on 7/28/10, that the company has been placed in “rehabilitation”, which the filing calls an “intermediate act before insolvency”, and that the state insurance commissioner has requested liquidation of the company but that the petition had not yet been ruled on. It almost sounds like they’re in the process of going out of business and mishandled records while doing so. That would explain the lack information on it
Penn has a web site that shows that they are in “rehabilitation” that I read last night when looking for any more info on the breach. I get the same sense you do, but if the point of the HHS web site was for transparency and to inform the public, the entry does not accomplish the latter particularly effectively. Did they submit an electronic filing to a court over an unencrypted transmission that exposed protected health information? Did they have data on a backup tape that got destroyed in a fire? We really have no idea what happened.