By Bruce Japsen
CHICAGO - Social Security numbers, pharmacy records and other personal health data from about 130,000 people covered by health insurance giant Wellpoint Inc. were left open for possible breach on the Internet, the company confirmed Tuesday.
Wellpoint said it is not aware of any identity theft related to the problem.
The company said customer information in several states was exposed in the last year because two computer servers maintained by a vendor “were not properly secured for a period of time.” The insurer declined to name the vendor.
Wellpoint, the nation’s largest health insurer with 35 million subscribers, has been notifying customers of the security breakdown in recent days.
But customers who contacted the Chicago Tribune said they are worried that their prescription records, claims and Social Security numbers might still be somehow available on the Web or are in the hands of identity thieves.
“The idea that my medical records could be floating out there is outrageous to me,” said Marc Roberts, 54, of Oswego, Ill., who has health insurance from Wellpoint brand Unicare. “I think the idea of electronic medical records is excellent. It’s just their lack of monitoring their security that is a significant issue.”
The security lapse comes as the health care industry is moving quickly to adopt electronic health records, which are designed to reduce costs and improve efficiencies over paper records.
However, as bugs have yet to be worked out, there have been several high-profile incidents where customers’ health records have been exposed to potential breaches.
Last year, for example, another Wellpoint subsidiary, Empire Blue Cross Blue Shield of New York, lost a compact disc containing personal health information of more than 70,000 customers. The disc was lost when shipped between vendors. Ultimately, it was found and there were no known cases of identity theft, the insurer said.
But such incidents have gotten the attention of members of Congress.
U.S. Rep. Rahm Emanuel (D-Ill.) and U.S. Rep. Edward Markey (D-Mass.) have introduced a bill that would require additional safeguards and standards to ensure privacy and integrity of personal health information.
“As medical records and patient histories become electronic, phrases like ‘security,’ ‘privacy,’ and ‘access’ should become just as important as ‘take two of these and call me in the morning,’” Emanuel said in a statement to the Tribune.
Wellpoint said it is taking extra measures to protect the security of patients’ records and has hired consultants to “reduce the risk of future incidents,” company spokeswoman Cheryl Leamon said.
“To fix the problem we conducted an internal analysis of the situation, used external consultants to confirm the security of our system, and put additional measures in place to enhance our security checks and balances,” Leamon said. “We have not received any reports of identity theft or credit fraud. We take the security of our members’ personal health information very seriously.”
Wellpoint is offering customers who may have been impacted one year of free credit monitoring services from Equifax Credit Watch.
That offer, however, is not being greeted too warmly. “One year of credit monitoring to me and then what am I supposed to do … buy it every year thereafter?” Roberts said. “It shouldn’t be my responsibility.”
© 2008, Chicago Tribune.
Visit the Chicago Tribune on the Internet at http://www.chicagotribune.com/
Distributed by McClatchy-Tribune Information Services.