Reuters reports on the WellPoint breach that’s in the news this week:
[…]
The company believes that the security glitch was exploited to access information on 940 insurance applications. Separately, unauthorized viewers accessed spreadsheets that “in rare cases” contained Social Security numbers, Sanders said.
WellPoint is doing forensic work to identify the applicants whose data was compromised.
“At this time we don’t know exactly whose information was accessed,” she said.
Of course, apart from any plaintiff’s lawyers that may have viewed applications, there is the issue of how many others may have viewed or accessed data and what their motivation might have been.
WellPoint started sending out letters on June 18, three months after it learned of the breach and eight months after the breach first occurred. Their notification to HHS was not up on OCR’s web site as of yesterday, but I expect we’ll see one there soon.