Health Net exposed as many as 1.9 million customer records in a breach after its IT vendor misplaced nine server drives. This is the second breach in two years for Health Net when a portable hard drive containing medical and financial information on 1.5 million customers disappeared from a facility in Connecticut.
Lessons Learned: Technology is not the problem..People are the weak link and the solution. Devices are often lost and misplaced due to People not being aware of or not being accountable for the policies and procedures that have been put in place by the organizational responsible for protecting customer information. Organizations must ensure all appropriate personnel, including business associates, third-party vendors and contractors, are aware of and have acknowledged their accountability for appropriate policies and procedures and requirements for protecting sensitive patient data.