Data breach at AvMed makes three health insurer data breaches in three months
If the question is when will health care insurers begin protecting their customers’ identities, health information and financial information, in light of the most recent insurer data breach, the answer has to be “when pigs fly.”
AvMed began sending out notifications this week of a December 11, 2008 data breach that occurred when two laptops were stolen from a conference room in the Gainesville, Florida company headquarters. The data breach places 200,000 current and former subscribers at risk because their names, addresses and health information were all stored on the laptops.
Nearly one-third of the subscribers are at a particularly high risk of identity theft because their information was stored on a laptop without proper protect, according to a statement on the company’s website. Presumably, that means the laptop was not password protected, and/or the data was not encrypted.
The data breach also exposed extensive information on another 128,000 former subscribers dating as far back as 2003.
The company issued the boilerplate apology: We are very sorry … blah … blah. We are cooperating with law enforcement … blah … blah … blah … additional training … And we appreciate our members support … blah … blah. (One has to wonder why they believe they enjoy the support of 200,000 members whose most personal information was recently exposed in a data breach because of the company’s irresponsible and flagrant disregard for even the most elementary data security.)
You know those messages you hear when you call your insurer: “For training and quality assurance purposes, this call may be recorded” and “For security purposes, please enter your member ID or Social Security number”? More than 1.3 million of those audio files were recorded on 57 hard drives that went missing from closet at a Blue Cross Blue Shield call center in Chattanooga, Tennessee, in a data breach announced last month.
MassMutual announced yet another data breach in November that involved the sensitive information of an unknown number of employees. That data breach occurred when hackers accessed a database maintained by a contractor.
And the sky above remains clear of winged pigs.
