The Vermont Attorney General’s Office says a Connecticut-based health insurance company is ready to pay $55,000 to settle a complaint that it didn’t inform customers that personal information had been lost along with an unencrypted computer hard drive.
The state says the complaint and proposed settlement with Health Net and Health Net of the Northeast, of Shelton, Conn., were filed on Jan. 14.
The case arose after the loss of a portable hard drive that contained protected health information, Social Security numbers, and financial information of approximately 1.5 million people, including 525 Vermonters.
Health Net discovered that the drive was missing on May 14, 2009, but did not start notifying affected Vermont residents until more than six months later.
In addition to paying $55,000, Health Net must submit to a data-security audit and file reports with the State of Vermont regarding the company’s information security programs for the next two years.
“Consumers expect – and the law requires – that personal information be treated with the utmost care,” said Vermont Attorney General William Sorrell. “Identity theft remains one of the fastest growing crimes in America. Companies must be careful to prevent Vermonters’ sensitive information, especially their medical records, from falling into the wrong hands.”