Health Net Inc. has launched an investigation into several server drives that are unaccounted-for at its data center in Rancho Cordova, Calif.
The investigation, announced March 14, follows notification by IBM, the vendor that manages Health Net's information technology, that it could not find the drives.
The drives contain personal information of some former and current health insurance plan members, employees and health care providers and may include names, addresses, health information, Social Security numbers and financial information.
Health Net is a publicly traded managed care organization that delivers managed health care services through health plans and government-sponsored managed care plans.
The company is notifying individuals whose information is on the drives and offering two years of free credit monitoring services, including fraud resolution, and if necessary, restoration of credit files, as well as identity theft insurance. The services will be provided through Debix Identity Protection Network.
One day after Health Net announced the investigation, California Insurance Commissioner Dave Jones asked the health insurance company to forward its findings to the California Department of Insurance. Jones said he would conduct an independent follow-up investigation into whether the company did everything it could to avoid and appropriately remedy the security breakdown.
"I have been in constant contact with Health Net Inc. on this matter, and I am pleased to see that the company is following protocol by notifying all the individuals affected by this privacy breach," Jones said in a press statement. "With identify theft crimes on the rise, it is more important than ever to act immediately and comprehensively in addressing a privacy breach."