US health insurer, Health Net, may face legal action for losing nine servers that held personal and financial details of 1.9 million customers.
The insurance company announced on Monday that it was investigating the loss of server drives from its California data centre managed by IBM.
"This investigation follows notification by IBM, Health Net’s vendor responsible for managing Health Net’s IT infrastructure, that it could not locate several server drives," Health Net said.
Personal details, including health and financial information on Health Net’s members, staff and health care providers were at risk, it confirmed.
Health Net was criticised for failing to alert the public to the breach until after Connecticut Attorney General George Jepson announced it [PDF].
California’s Department of Managed Health Care, which was investigating Health Net's security, confirmed that nine server drives were missing [PDF], affecting a likely 1.9 million people.
It was not clear when they were lost or if they were encrypted but the company was offering two years' of free credit monitoring services.
Health Net came under fire in 2009 for waiting six months to disclose it lost 1.5 million patient records. In that instance, a portable disk drive disappeared from its office, Wired wrote at the time.
Copyright © iTnews.com.au . All rights reserved.
A confirmation email has been sent to your email address - SUPPLIED GOES EMAIL HERE. Please click on the link in the email to verify your email address. You need to verify your email before you can start posting.
If you do not receive your confirmation email within the next few minutes, it may be because the email has been captured by a junk mail filter. Please ensure you add the domain @itnews.com.au to your white-listed senders.