Roughly 38,000 members of Minnesota-based HealthPartners may have personal information at risk after an employee brought home electronic files containing the data, showed the files to a family member for help with formatting, and transferred the files to their own devices, between 2008 and 2010.
How many victims? About 38,000.
What type of personal information? Names, dates of birth, and health plan member numbers. Genders, provider names and locations, descriptions of health care services received, and member feedback was included for some individuals. A Social Security number was included for one person.
What happened? A HealthPartners employee brought home member information in electronic files, showed the files to a family member for help with formatting, and copied the information to personal devices, which is against rules for handling member information.
What was the response? HealthPartners recovered several computers and devices involved. HealthPartners is notifying all impacted individuals and is offering them a free year of identity theft protection services.
Details: The employee took home the electronic files and transferred the files to their own devices between 2008 and 2010. HealthPartners received a call on Jan. 21 regarding the employee who was taking home the files.
Quote: “We do not believe there is risk for identity or financial theft,” according to a notice on the HealthPartners website. “The shared information was limited. We do not believe the information was shared with anyone other than the employee's family member. We also do not believe the information was used for anything other than the employee's work.”
Source: healthpartners.com, “Important privacy notification,” March 2014; twincities.com, Pioneer Press, “HealthPartners: Insurance client data was breached 2008-10,” March 21, 2014.