Health Net data breach analysis 'flawed,' SSNs exposed

A data breach affecting Health Net members is worse than originally thought; it involved more people and included more sensitive data than the insurer originally reported.

IBM, which manages its information technology, notified Health Net in January that it could not find nine computer drives containing Social Security numbers and other personal information on almost 2 million current or former members. Health Net notified those affected in March about the breach.

However, the issue has cropped up again. Health Net now is notifying members that their Social Security numbers were in fact compromised, despite previously assuring them that the breach only included health information, names, addresses, and other less sensitive information, the Bakersfield Californian reports.

Health Net also reached out to members who had not been notified that they were actually affected by the breach, although it refused to say how many people nationwide it was alerting, reports the Oregonian.

James Woys, Health Net's chief operating officer, apologized for the mistake in a July 27 letter to customers, saying the original analysis of the breach was flawed. "We have recently discovered that there was an error in the data analysis and your SSN was included on the unaccounted for drives," Woys wrote. "We sincerely apologize for this mistake."

The company also offered two years of free credit-monitoring services and will pay for any fees associated with a credit freeze, notes the Oregonian.

To learn more:
- read the Oregonian article
- see the Bakersfield Californian article