Health Insurer Loses Hard Drives Containing Personal Data On 950K Patients

HardOCP News

Why wait around for hackers to steal your clients' personal information when you can just lose it yourself? Although the company has no idea where the drives are, they don't believe the data has been used "inappropriately."

Centene has determined the hard drives contained the personal health information of certain individuals who received laboratory services from 2009-2015 including name, address, date of birth, social security number, member ID number and health information. The hard drives do not include any financial or payment information. The total number of affected individuals is approximately 950,000.
 
what's the point of even trying to keep data secure anymore... it would be easier changing identities every few years.
 
"Centene Corporation, a Fortune 500 company, is a leading multi-line healthcare enterprise"

...not for long!

"focusing on under-insured and uninsured individuals"

...oh, then nothing to see here! hell you can poison their water supply with toxic heavy metals!
 
I think they have 30 days to find/fix before they're subject to crippling fees under HIPAA; unless it was deliberate.
 
wtf
how are they fortune 500?
every single HDD containing even a drop of PHI gets FDE at the hospital I work at... let alone a drive that has that quantity of info.
 
what's the point of even trying to keep data secure anymore... it would be easier changing identities every few years.

The truth is your data has never been secure...ever.

The IRS still requires employers to MAIL your W-2. If someone wants your information specifically it can be had rather easily. As for identity theft, it is merely a numbers game and the odds of you being the 1 out of 950k or whatever millions of information stolen is low.
 
how do you just lose hard drives? Do they keep all the data on an external drive that some person carries around?
 
……………………………………..________
………………………………,.-‘”……………….“~.,
………………………..,.-“……………………………..”-.,
…………………….,/………………………………………..”:,
…………………,?………………………………………………\,
………………./…………………………………………………..,}
……………../………………………………………………,:`^`..}
……………/……………………………………………,:”………/
…………..?…..__…………………………………..:`………../
…………./__.(…..”~-,_…………………………,:`………./
………../(_….”~,_……..”~,_………………..,:`…….._/
……….{.._$;_……”=,_…….”-,_…….,.-~-,},.~”;/….}
………..((…..*~_…….”=-._……”;,,./`…./”…………../
…,,,___.\`~,……”~.,………………..`…..}…………../
…………(….`=-,,…….`……………………(……;_,,-”
…………/.`~,……`-………………………….\……/\
………….\`~.*-,……………………………….|,./…..\,__
,,_……….}.>-._\……………………………..|…………..`=~-,
…..`=~-,_\_……`\,……………………………\
……………….`=~-,,.\,………………………….\
…………………………..`:,,………………………`\…………..__
……………………………….`=-,……………….,%`>–==“
…………………………………._\……….._,-%…….`\
……………………………..,<`.._|_,-&“…………….`
 
Wonder if the lack of encryption is an expertise or cost issue since they're about 5 years late when it became a hot issue.
 
I think they have 30 days to find/fix before they're subject to crippling fees under HIPAA; unless it was deliberate.
It's actually very, very rare to face fines for HIPAA violations. There have been over 120,000 incidents (not individuals, but separate leaks of multiple people) reported to the OoCR for data leaks that fall under HIPAA violations, and there have only been 22 cases where fines were levied. Even repeat offenders face few consequences.

https://www.propublica.org/article/few-consequences-for-health-privacy-law-repeat-offenders
 
I don't doubt it. Our compliance geeks say that HIPAA violations happen every day, far more often than is widely known. But they're all fixed/resolved within a short span.

But if the gubmint will ding you for improperly disposing of prescription bottles... seems like the crippling fines were designed more to scare and set an example.
 
We occasionally do charity work for a local mission, some of which involves refurbing old PCs. A local hospital dropped off a dozen or so old computers. They weren't regular desktops, some kind of med-specific box, but ran XP. We fired one up, and saw there was patient data on it. I immediately powered it down and contacted someone at the hospital, who was pissed that such a thing could happen. The hospital that donated them would be subject to millions in HIPAA fines. I would guess it was something like this that happened at the insurance company.
 
Is secure data even a real thing, I find it all to be a h0ax.

I personally think that our government should focus more on our identity safety than thousands of years old religious wars.
 
We occasionally do charity work for a local mission, some of which involves refurbing old PCs. A local hospital dropped off a dozen or so old computers. They weren't regular desktops, some kind of med-specific box, but ran XP. We fired one up, and saw there was patient data on it. I immediately powered it down and contacted someone at the hospital, who was pissed that such a thing could happen. The hospital that donated them would be subject to millions in HIPAA fines. I would guess it was something like this that happened at the insurance company.

I was sold a bunch of servers from the DOE (Hanford, WA). Got them for extremely cheap. No hard drives were included. They had the tags on them that show they were wiped, but they were also physically destroyed. That's about the best way to do it. Wipe and physically destroy (HDD shredder!).

I did get a server from a pharmacy once. There was some trust there, and I'm sure it wasn't the best way to do it, but I got it wiped (DBAN) and used it for target practice. That was years ago, though...
 
If they can't prove that the drives were encrypted or that the information was, then they are going to get fined to hell and back.
 
Is secure data even a real thing, I find it all to be a h0ax.

I personally think that our government should focus more on our identity safety than thousands of years old religious wars.

You sir, would rather be beheaded or blown to smithereens for being an "infidel" than maybe worry about some loser at some company losing your personal information.

You and your kind are what is wrong with this world.
 
And in other news, the teenage daughter of a Centene employee is having fun showing off her new 6-drive RAID 5 setup to her friends. Asked how she could afford them, her comment was "They are some surplus drives my dad brought home..."
 
And in other news, the teenage daughter of a Centene employee is having fun showing off her new 6-drive RAID 5 setup to her friends. Asked how she could afford them, her comment was "They are some surplus drives my dad brought home..."

Where were these girls when I was a teenager? :D
 