About POGO's Federal Contractor Misconduct Database (FCMD)
The government awards contracts to companies with histories of misconduct such as contract fraud and environmental, ethics, and labor violations. In the absence of a centralized federal database listing instances of misconduct, the Project On Government Oversight (POGO) is providing such data. We believe that it will lead to improved contracting decisions and public access to information about how the government spends hundreds of billions of taxpayer money each year on goods and services. Report an instance of misconduct »
Health Net, Inc.
Connecticut Security Breach Lawsuit
Date: 01/13/2010 (Date of Filing)
Misconduct Type: Consumer Affairs
Enforcement Agency: State/Local
Contracting Party: None
Court Type: Civil
Synopsis: Connecticut Attorney General Richard Blumenthal sued Health Net of Connecticut over the company's loss of a hard drive holding the personal information of 446,000 enrollees. The hard drive disappeared from a Health Net office in Shelton, Conn., on May 14, 2009. The lawsuit alleged the company failed to encrypt the data and failed to promptly notify state officials after learning of the hard drive’s disappearance. In July 2010, Health Net and its affiliates paid $250,000 in fines to settle the lawsuit. Health Net also agreed to implement a “corrective action plan” to better protect health information and other private data in compliance with the federal Health Insurance Portability and Accountability Act of 1996 (HIPAA). Should it be established that the hard drive was accessed and personal information was used illegally, Health Net will be required to pay the state an additional $500,000. In November 2010, the Connecticut Insurance Department (CID) fined Health Net $375,000 for the breach. CID levied the fine because it believed Health Net did not notify authorities and members in a timely manner. In July 2012, Health Net agreed to pay an additional $25,000 after CID found that Health Net did not “exhibit evidence of good management,” conform to state confidentiality laws, or fully safeguard the personal information of approximately 24,000 members.