Well, I guess sometimes you just have to go with your gut feeling. Yesterday, I had made a comment on the Health Net data breach. The breach occurred because a portable drive was lost (and, drive encryption wasn't used to protect the contents). The figures of affected patients has jumped from 446,000 to 1.5 Million in four states.
I was suspicious that this latest breach would be limited to the 446,000 people initially reported. My logic was that Health Net was reporting the number of Connecticut residents affected by the breach to the CT Attorney General. What of non-CT residents? However, I reversed myself because Health Net is a company based out of California, and the theft of the external drive was in Connecticut. Theft out of Connecticut that involves that state's residents only? It made sense. Plus, we had heard nothing out of California, where the company is headquartered. (What I had forgotten, though, was that Cali requires breach notifications if Cali residents are affected. If only people on the east coast affected, there's no reason for a California announcement.)
I was suspicious that this latest breach would be limited to the 446,000 people initially reported. My logic was that Health Net was reporting the number of Connecticut residents affected by the breach to the CT Attorney General. What of non-CT residents?
However, I reversed myself because Health Net is a company based out of California, and the theft of the external drive was in Connecticut. Theft out of Connecticut that involves that state's residents only? It made sense.
Plus, we had heard nothing out of California, where the company is headquartered. (What I had forgotten, though, was that Cali requires breach notifications if Cali residents are affected. If only people on the east coast affected, there's no reason for a California announcement.)
It turns out I should have trusted my gut feeling. Today, the courant.com has released more details. The loss of the hard drive will affect residents in Arizona, New Jersey, and New York, in addition to Connecticut. It will affect 1.5 million people, and the information goes all the way back to 2002. Let's see...assume $10 per person for identity theft monitoring. It was promised free to the affected for at least two years. 1.5 million people. That's $30 million over two years. There could have been a better use of that money. For example, if talking about managed encryption software like AlertBoot, $30 million pays for the protection of 3000 hard disks for 64 years.
It turns out I should have trusted my gut feeling. Today, the courant.com has released more details. The loss of the hard drive will affect residents in Arizona, New Jersey, and New York, in addition to Connecticut. It will affect 1.5 million people, and the information goes all the way back to 2002.
Let's see...assume $10 per person for identity theft monitoring. It was promised free to the affected for at least two years. 1.5 million people. That's $30 million over two years.
There could have been a better use of that money. For example, if talking about managed encryption software like AlertBoot, $30 million pays for the protection of 3000 hard disks for 64 years.
Related Articles and Sites:http://www.courant.com/health/hc-healthbreach1119.artnov19,0,1798384.story