You Are Digitally Insecure with Your Health Insurance

Here’s another example of serious privacy breach by an insurance company. It appears that many of these companies are just not that technically savvy, nevertheless they frequently put your information in digital format. Great advantage of that format: Easy to move around, replicate, access. Great weakness? Easy to move around, replicate, access.

Again, this is of particular concern for healthcare providers as well as patients/clients. Possibly more so with those in psychotherapy, since there remains unfortunate stigma attached with treatment for emotional problems or mental illness.

Ken Pope’s entire post on the matter, here:

*Information Week* includes an article: “Indiana AG Sues Wellpoint Over
Health Data Breach; Consumer health data was at risk for 137 days
through an unsecured Wellpoint website, alleges the suit filed against
the health insurer” by Marianne Kolbasuk McGee.

Here are some excerpts:

[begin excerpts]

Indiana’s attorney general office has filed suit against health insurer
Wellpoint for delaying notification of customers of a data breach
earlier this year.

Indiana law requires businesses to notify individuals potentially
affected by data breaches, as well as the attorney general’s office
“without reasonable delay,” according to a statement by Indiana AG Greg
Zoeller’s office.

However, the AG office alleges that data, including social security
numbers, health records, and financial information for about 32,000
Indiana consumers were potentially available to the general public
through an unsecured Wellpoint website for about 137 days, between
October 2009 and March 2010.

The data was submitted to Wellpoint from applicants seeking insurance
coverage.

The AG office alleges that while Wellpoint was notified on February 22
and March 8 of this year that application records containing personal
information was accessible from its public website, Wellpoint didn’t
begin notifying individuals about the security breach until June 18, 2010.

In a statement from Wellpoint sent to InformationWeek in response to
seeking comment, the company said, “Anthem Blue Cross and Blue Shield is
committed to protecting the privacy and security of our members’ and
applicants’ personal information, in accordance with all applicable laws
and regulations.”

Anthem Blue Cross and Blue Shield is Wellpoint’s operations serving
several states, including Indiana, Colorado, Connecticut and Maine.

[end excerpts]