3rd Party Remote Call Monitoring Feature

Any company that handles personal data is vulnerable to the threats of security breaches. Security and data breaches happen all the time, every day, across companies of every size; most are typically under-prepared when they face a breach. Breaches, which may or may not involve the theft of information from a malicious insider or criminal attack, can be costly; in fact, according to data breach statistics, it is among the most common and costly security failures in the U.S.

The latest Cost of Data Breach Study by the Ponemon Institute out of Michigan (and sponsored by IBM (News - Alert)) notes that the potential costs to allocate resources to the prevention, detection and resolution of such incidents are substantial.

The costs incurred for lost or stolen records containing sensitive and confidential information is about $3.5 million on average (as per the Ponemon study).  Moreover, studies show that data breaches can affect consumers' trust, and, therefore, it is important that businesses and stores take the correct steps to prevent these breaches from happening.

Today, breaches are affecting many retailers, but the same problem has come to be also an issue in health care organizations. An incident occurred recently with Access Health CT, the health insurance marketplace for the U.S. state of Connecticut; it reported a data breach discovered on Friday, June 6 that has been actively continuing over the weekend and was the result of an individual leaving a backpack on Trumbull Street in Hartford. The backpack was lost by a member from Maximus, the organization’s call center vendor and contained four notepads with personal information (like names, SSNsnames, social security numbers and birthdates) for about 400 insurance plan enrollees, the chief executive of the exchange, Kevin Counihan, said in an e-mailed statement. “It is believed to be Obamacare's first-ever breach of enrollees' personal data,” reports CNBC.

Counihan told in a statement how the exchange received a report earlier in the day that an individual had discovered the backpack on Trumbull Street. What is troublesome is that “personal information may be associated with Access Health CT accounts,” Counihan said.

The public coverage of the incident carried out by FOX CT, the news broadcast out of Hartford, CT, said the backpack was left outside of a Hartford deli, located on Trumbull Street, Thursday afternoon and nobody reported it being left there until Friday at about noon. WFSB, virtual channel 3 news source, says the lost backpack had gone 20 hours unnoticed before it was reported missing. An individual called Republican state Rep. Jay Case. State Republicans then called Access Health and got the police, Health and Human Services and the attorney general involved before any further time elapsed.

It is told from spokesperson Kathleen Tallarita that the backpack's owner did come forward on his own after hearing of the discovery on TV. In the meantime, those who have been affected are being notified; they are informed of the incident and asked to be on the alert for any potential data breach. Access Health CT chief operating officer Peter Van Loon said those individuals whose names were handwritten on the work papers may be at risk of having had their information compromised. Chief Marketing Officer for Access Health CT Jason Madrak recommends affected people to be cautious and to closely monitor their bank accounts.  

Many people, with insurance through the health exchange, came forward stressing their concern over potential identity theft, stated the officials at Access Health CT. "At this time, Maximus has no reason to believe that any of the information in the backpack has been misused," the company said. It could have been an honest mistake by the call center representative, however, they have not commented on any forms of reprimand for the employee. Meanwhile, “this individual has been placed on administrative leave and has had all system access privileges revoked," Madrak said.

As the investigation continues, Madrak said they are still working to understand exactly why this person took the information out of the building in the first place. The notepads found in the backpack contained notes typically taken by call center representatives to assist customers and there is no valid reason to hold on to and carry such content when the agent leaves the call center office, Madrak explains.

Although it appears this incident was not a malicious act in nature, and the individual who found the backpack did not intend to steal its contents with company data inside it, Access Health CT suffered a data breach incident that could have led to the exposure of many records. Maximus said, the company "takes full responsibility for this incident, and regret[s] any concern that this has caused Access Health CT consumers. [Today, it is] also reinforcing security and training policies and procedures to help ensure that this does not happen again."

To those affected by the loss and retrieval of the backpack left on Hartford Street last week, officials said Connecticut’s public health exchange will offer the following consumer remedies, of course, at no cost to them: credit monitoring, fraud resolution, identity theft insurance, and security freezes of credit reports.