As a reminder that even the best technology still relies on humans not making dumb mistakes, PCMag.com reports that Health Net’s technology partner, IBM, has seemingly lost a few hard drives. Normally not a big deal.
Except that these drives contained patient data records of nearly 1.9 million people. What good is encrypted online transmission when things like this still happen?
Managed health care provider Health Net said this week that “several” server drives managed by IBM had gone missing, putting possibly 1.9 million records containing the personal information of its customer base at risk.
Health Net did not say how many records may be at risk, although the company says it administers records to 6 million individuals. Data including Social Security numbers, names and addresses, and other personal information are at risk.
On Monday, Health Net said that “several” drives had gone missing from a server or servers operated by IBM, its partner, for a data center in Rancho Cordova, Calif. However, the California Department of Managed Health Care said that nine of Health Net’s server drives containing personal information for 1.9 million current and past enrollees nationwide are missing, including records for more than 622,000 enrollees in Health Net products regulated by the DMHC, more than 223,000 enrolled in California Department of Insurance products, and a number enrolled in Medicare.
The article was moot on perhaps the most important question — was patient data encrypted on these drives? The way they were talking about offering 2 years’ free data monitoring services suggests the worse possible scenario, that all of this patient data was being stored unencrypted on these drives.
Hey, I’m all for electronic records. But let’s get the basics right, too — such as proper, secure handling of all the hardware that actually holds all of our virtual bits. And encrypting the data on these kinds of drives seems like Security 101.
Read the full article: Health Net, IBM Lose Drives with Stored Customer Records