US health insurer, Health Net, may face legal action for losing nine servers that held personal and financial details of 1.9 million customers.
The insurance company announced on Monday that it was investigating the loss of server drives from its California data centre managed by IBM.
"This investigation follows notification by IBM, Health Net’s vendor responsible for managing Health Net’s IT infrastructure, that it could not locate several server drives," Health Net said.
Personal details, including health and financial information on Health Net’s members, staff and health care providers were at risk, it confirmed.
Health Net was criticised for failing to alert the public to the breach until after Connecticut Attorney General George Jepson announced it [PDF].
California’s Department of Managed Health Care, which was investigating Health Net's security, confirmed that nine server drives were missing [PDF], affecting a likely 1.9 million people.
It was not clear when they were lost or if they were encrypted but the company was offering two years' of free credit monitoring services.
Health Net came under fire in 2009 for waiting six months to disclose it lost 1.5 million patient records. In that instance, a portable disk drive disappeared from its office, Wired wrote at the time.
.jpg&h=271&w=480&c=1&s=1)
