- Centene Corporation announced that it experienced a potential healthcare data breach that may affect approximately 950,000 individuals.
Centene reported that there is an ongoing search for six missing hard drives, which were unaccounted for in its inventory of IT assets. The company statement did not specify whether the hard drives were encrypted, but said that individuals who may have had their information exposed had received laboratory services from 2009-2015.
Information on the hard drives may have included names, addresses, dates of birth, Social Security numbers, member ID numbers and health information. However, financial or payment information were not on the hard drives.
"Centene takes the privacy and security of our members' information seriously," Centene Chairman, President and CEO Michael F. Neidorff said in a statement. "While we don't believe this information has been used inappropriately, out of abundance of caution and in transparency, we are disclosing an ongoing search for the hard drives. The drives were a part of a data project using laboratory results to improve the health outcomes of our members."
Centene added that potentially affected individuals will be receiving data breach notification letters and will also be offered free credit and healthcare monitoring.
Moreover, Centene said that it is “in the process of reinforcing and reviewing its procedures related to managing its IT assets.”
While not the first reported healthcare data breach for 2016, this is the largest one yet.
Indiana University Health Arnett (IU Health Arnett) announced earlier this month that it fell victim to a healthcare data breach at the end of 2015 when an unencrypted storage device went missing from its emergency department.
The device reportedly contained spreadsheets with limited health information belonging to emergency department patients between November 1, 2014 and November 20, 2015.
Potentially compromised information in that incident included patient names, dates of birth, ages, home telephone numbers, medical record numbers, dates of services, diagnoses, and treating physicians.
“IU Health Arnett takes very seriously its obligation to maintain patient information secure, and we appreciate the trust our patients place in us,” the hospital explained in its statement. “We are taking steps to enhance the protection of portable storage devices and are reviewing policies and procedures to minimize the chance of such an incident occurring in the future.”