Leading US health insurance company sued over client data theft

by Max on February 8, 2010

In a serious breach of data security, Health Net, a leading US health insurance provider, recently reported that data of 446,000 of its clients was stolen in May 2009. However, it alerted its clientele only by the end of November. The insurance company said that a “portable computer disk drive went missing from Health Net’s Shelton (Connecticut) office”. The company has been sued by the Connecticut Attorney General’s office. The charge was filed on January 13, 2010.

Health Net has offered its clients, whose personal information was compromised in the theft, two years of free credit-monitoring services. The package also includes one million dollar identity theft insurance coverage and enrollment in fraud resolution services for two years, if required. The company spokesman said, “Additionally, if members experience any identity theft between May 2009 and the date of their enrollment, Health Net will provide services to restore the member’s identity at no cost to the member.”

“Such cases are increasingly often reported from especially US companies as apparently they have less IT controls in place to prevent data theft or loss. Especially consumer data is highly sensible,” says Dr Prof. Sachar Paulus, IT Security expert. “The issue can absolutely not be forgiven, since there are standard products available doing the job with a small amount of administration.”

“The biggest risk for the company is the reputation damage they will be exposed to. Consumers tend to move to service providers that handle their interests with care, and especially their data. In the long run, only companies will survive that adequately protect customer data, especially consumer data.”

“How could such a company survive the migration to the Cloud? Since they are not even able to protect data on classical hard disks, how will they achieve the necessary data protection in open, service-based environments? I doubt they will have a chance,” he said.

IDC had predicted that over 45% of all PCs in the world would be laptops by 2009. According to a 2008 study sponsored by Dell, over 15,600 laptops are lost per week by business travelers in US and European airports alone!

A single stolen laptop can cost a company over $4,556.00. However, that does not include the value of the lost or stolen data!

The average cost of lost records containing personal information is $197 per record with an average loss of 31,979 records. A data breach is estimated to be a net loss of $6.3 million.

Rapidly changing government data regulations also need to be addressed. Regulations such as HIPAA, PCI DSS, and Sarbanes-Oxley require robust electronic data protection management. Such laws require protection of credit card information, health records, and financial records.

The cost of lawsuits and compliance-related fines can be substantial simply due to lost, stolen, or even just unprotected data. Companies should also be wary of irreversible damage to corporate reputation because of data breaches.

Via Itsecuritystandar.com
