Over 90 Total Lots Up For Auction at One Location - WA 04/08

Centene's missing hard drives contained data on 950,000 customers

by Thomas Dworetzky, Contributing Reporter | January 28, 2016
Business Affairs Health IT Primary Care Risk Management
Centene is half-dozen hard drives short of full customer security. The St. Louis-centered managed health care provider has revealed that the drives are "missing" and held personal information on close to a million patients who had lab work done between 2009 and 2015.

The information included names, addresses and Social Security numbers, according to St. Louis station KMOV-TV.

The drives were unaccounted for in an inventory of IT assets. "Centene takes the privacy and security of our members' information seriously," said Michael F. Neidorff, president and CEO of Centene, in a statement. "While we don't believe this information has been used inappropriately, out of abundance of caution and in transparency, we are disclosing an ongoing search for the hard drives. The drives were a part of a data project using laboratory results to improve the health outcomes of our members."

Centene stated that an internal search for the drives "was ongoing." It noted that the hard drives do not include any financial or payment information.

"Consistent with our policies around communication and transparency, we are beginning the process of notifying all affected individuals and all appropriate regulatory agencies as we continue to search and investigate," said Neidorff.

Notification to affected individuals will include an offer of free credit and health care monitoring.

"The stakes are high because Centene handles sensitive health information relating to its members. It is, therefore, highly likely that they will have to make a report to U.S. regulatory authorities and will be fined for any data loss," Alison Rea, a lawyer at Kemp Little, told the BBC. She did commend the organization for being "upfront" about the loss.

"If the data has been lost within the organization, the potential damage suffered by Centene's members will be minimal. However, if the data has been taken offsite and is now in the public domain, the damages claims Centene faces could be much higher," she said.

"As Centene provides health insurance solutions for the under-insured and uninsured public in the U.S., the release of details of who their members are and their medical information could be highly damaging.

"Not only will it cause personal distress to the individuals involved if their friends and families find out about their medical history, but also because it could make it harder for those people to secure medical health insurance with other providers in the future."

In addition, the firm is reviewing and beefing up its data security measures, according to the Consumerist.

This latest security lapse comes after a number of U.S. health insurance companies experienced data breaches in recent years. Arguably the worst was the one at Anthem Inc., which affected the records of as many as 70 million of that firm's current and former customers and employees, according to The Wall Street Journal.

Another breach in 2014 at CareFirst led to the exposure of the data belonging to 1.1 million of its clients.

You Must Be Logged In To Post A Comment