If You Discover A Privacy Data Breach, You Probably Shouldn't Wait Three Months To Tell Users

from the fined dept

Insurance firm Wellpoint apparently left its medical records easily exposed on its servers from last October until March, exposing 470,000 users’ medical records, credit card numbers and “other sensitive info.” The company discovered the breach in February, but apparently waited until June to tell users. The company has now been fined $300,000 for not promptly notifying users, though that does seem like a rather low number considering how many records were apparently exposed…

Companies: wellpoint


Comments on “If You Discover A Privacy Data Breach, You Probably Shouldn't Wait Three Months To Tell Users”

AJ says:

Re: Punishment Fits The Crime?

Does seem strange at first, but once you think about it, it makes perfect sense.

What the company did was an accident, they had no intention of harming thousands of people by not protecting their computer systems, I mean really… what's your SSN, credit card number, and medical history really worth these days? It’s not like anyone can harm you with that data, and if they could, you would have to prove that in court… besides, it would probably cost a fortune to take that company to court, they may actually have some cash on hand and be able to defend themselves….

On the other hand, that evil mum had to be taught a lesson, she was obviously attacking the music industry and causing it millions of dollars in damages by not paying for those 24 or so songs… there had to be an example set for all the other evil mums of the world….. and really, who cares about one mum?

One song = $60,000
One medical = record/credit card/ whatever = $634 +/-
One mum = worthless……


Wolfy says:

Regarding all the mouth-noise about the Gov’t making you buy health insurance (the horror!)… all the rethuglicans were all up in arms. What you didn’t hear (from the media or anyone else for that matter) was that party was the one pushing mandatory property insurance and mandatory car insurance. It seems they have problems with double standards.

Anonymous Coward says:


You said “It’s not like anyone can harm you with that data”

It sounds like you have never been the victim of identity theft. Wait until creditors start calling you because someone opened up a dozen long distance accounts in your name and they are all delinquent. Wait until a hospital refuses to give you care because someone claimed to be you and skipped on the bill. Wait until you have to spend 10 hours a day, every day for weeks, on the phone trying to convince people that you aren’t who they think you are. Wait until you don’t qualify for credit or a home loan because your credit rating was tanked. Wait until you lose your job because the creditors called your boss.

The harm is very real and happens every day.

harbingerofdoom (profile) says:

i find it rather sad that security breaches such as this with the potential of causing millions in damages would be taken so lightly.

while i don't think it rises to the level of prison sentences, it surely merits more than a mere 60 cents per customer. the breach may have been accidental, but covering it up for three months was not and should have some very strong penalties associated with that action.

kstahmer (profile) says:

It makes sense

Interesting juxtaposition: Insurance firm Wellpoint pays $300,000 for criminally irresponsible late disclosure of its 470,000 medical record security breaches and RIAA is awarded $1,500,000 for 24 illegally downloaded songs.

It makes sense. Why does it make sense?

It makes sense because Insurance firms and RIAA have bought off Congress, which makes the laws, and the criminal justice system, which enforces the laws.

Scott says:

Federal HIPAA fines are ignored again

Sean beat me to the punch; however he is correct in his assessment. Additionally, Wellpoint is exposed to fines of up to $1,000 per record violation which can translate into $470,000,000 in fines as well as significant criminal penalties including $50,000 in fines and up to 1 year of imprisonment.

However, it is much more important that we prosecute possible music pirates because they are eroding our freedoms and exposing us to incomprehensible dangers.

Anonymous Coward says:

$300,000 fine? Are you kidding me? Less than a dollar per person is NOTHING to a company like Wellpoint! Seriously, they make $300,000 just by denying ONE patient’s cancer treatment! Do you honestly think they care about a measly $300,000? Considering the HUGE bureaucracy of an insurance company, that’s probably their annual coffee budget!
Publish an article about the HIPAA fines. I guarantee that will be a SIGNIFICANTLY higher amount!

The Devil's Coachman (profile) says:

Wellpoint wants to make more profit, that's why they did it.

The interest of Wellpoint is primarily denying care to its clients, and hoping they die quickly, so if they can have a few of them die of strokes and heart attacks after their identities are stolen and they lose their jobs and are driven into bankruptcy, it suits them very nicely. Otherwise, some of those sumbitches might live long enough to get really expensive diseases, and it’s easier to have them dead quickly than to have to fight the appeals of their coverage denials. Sorry, but that’s how things actually work in this world, or at least in the US.
