If You Discover A Privacy Data Breach, You Probably Shouldn't Wait Three Months To Tell Users
from the fined dept
Insurance firm Wellpoint apparently left its medical records easily exposed on its servers from last October until March, exposing 470,000 users’ medical records, credit card numbers and “other sensitive info.” The company discovered the breach in February, but apparently waited until June to tell users. The company has now been fined $300,000 for not promptly notifying users, though that does seem like a rather low number considering how many records were apparently exposed…
Filed Under: breach, privacy, reporting
Companies: wellpoint
Comments on “If You Discover A Privacy Data Breach, You Probably Shouldn't Wait Three Months To Tell Users”
Punishment Fits The Crime?
A single mum is ordered to pay $1.5m for illegally downloading 24 songs yet this company gets basically a slap on the wrist for exposing pretty important data. Yeah.
Re: Punishment Fits The Crime?
Listen here bub…when you have the payroll like RIAA does of Federal Senators and lobbyists…you would get big bucks like them too…gawd…always picking on the hard working record company who only cares about its artists…THINK OF THE DOLPHINS!
/sarc
Re: Re: Punishment Fits The Crime?
You forgot the CHILDREN… THINK OF THE CHILDREN
Re: Punishment Fits The Crime?
Does seem strange at first, but once you think about it, it makes perfect sense.
What the company did was an accident, they had no intention of harming thousands of people by not protecting their computer systems, I mean really… what’s your SSN, credit card number, and medical history really worth these days? It’s not like anyone can harm you with that data, and if they could, you would have to prove that in court… besides, it would probably cost a fortune to take that company to court, they may actually have some cash on hand and be able to defend themselves….
On the other hand, that evil mum had to be taught a lesson, she was obviously attacking the music industry and causing it millions of dollars in damages by not paying for those 24 or so songs… there had to be an example set for all the other evil mums of the world….. and really, who cares about one mum?
One song = $60,000
One medical = record/credit card/ whatever = $634 +/-
One mum = worthless……
/sarc
Re: Re: Punishment Fits The Crime?
One medical = record/credit card/ whatever = $0.64
Re: Re: Re: Punishment Fits The Crime?
I forgot my decimal! Thanks for the correction.
Re: Re: Punishment Fits The Crime?
Exposing the data was an accident. Hiding that fact for 3 months was not.
Re: Re: Punishment Fits The Crime?
Everyone that has Wellpoint needs to go to http://www.hhs.gov/ocr/privacy/hipaa/complaints/index.html and submit a complaint for violation of HIPAA. I believe that the max award is $11,000 per person and that is what a doctor’s office would have brought against them if they gave away this info.
You too for the low price of $1.56 can also give out anyone’s personal info. Call now special offer.
And if you order in the next 15 minutes, you can get a double cd – yes 24 songs – for the bargain price of $1.5M
Where can I sign up?
Punishment Fits The Crime?
Those 470,000 Americans who let their personal details get leaked by this company have only themselves to blame. They are not forced by law to get medical insura… Oh wait…
http://www.health.com/health/condition-article/0,,20359522,00.html
Regarding all the mouth-noise about the Gov’t making you buy health insurance (the horror!)… all the rethuglicans were all up in arms. What you didn’t hear (from the media or anyone else for that matter) was that party was the one pushing mandatory property insurance and mandatory car insurance. It seems they have problems with double standards.
Re: Re:
thank you for supplying my daily quota of political partisan derp!
It should have been a 3 million dollar fine. Exposing sensitive information to the web should have gotten someone locked up. In my book that’s aiding and abetting criminals and smacks of conspiracy. Even the stupid administrators being pushed out of trade schools are taught better than that in security class.
AJ
You said “It’s not like anyone can harm you with that data”
It sounds like you have never been the victim of identity theft. Wait until creditors start calling you because someone opened up a dozen long distance accounts in your name and they are all delinquent. Wait until a hospital refuses to give you care because someone claimed to be you and skipped on the bill. Wait until you have to spend 10 hours a day, every day for weeks, on the phone trying to convince people that you aren’t who they think you are. Wait until you don’t qualify for credit or a home loan because your credit rating was tanked. Wait until you lose your job because the creditors called your boss.
The harm is very real and happens every day.
Re: AJ
Um…I think you missed the sarcasm…
Punishment
Medical records and credit cards at risk. Seems to me this would be a case for a CTO to do some jail time. It would be a great example of how not to mess with critical data. The sooner laws that cover blatant stupidity are enacted, the better. Yeah, like that’s gonna happen…
i find it rather sad that security breeches such as this with the potential of causing millions in damages would be taken so lightly.
while i dont think it rises to the level of prison sentances, it surely merits more than a mear 60 cents per customer. the breech may have been accidental, but covering it up for three months was not and should have some very strong penalties associated with that action.
Re: Re:
and yes, i did incorrectly spell a couple words… its early and i have not had enough coffee so shup
It makes sense
Interesting juxtaposition: Insurance firm Wellpoint pays $300,000 for criminally irresponsible late disclosure of its 470,000 medical record security breaches and RIAA is awarded $1,500,000 for 24 illegally downloaded songs.
It makes sense. Why does it make sense?
It makes sense because Insurance firms and RIAA have bought off Congress, which makes the laws, and the criminal justice system, which enforces the laws.
Federal HIPAA fines are ignored again
Sean beat me to the punch; however he is correct in his assessment. Additionally, Wellpoint is exposed to fines of up to $1,000 per record violation which can translate into $470,000,000 in fines as well as significant criminal penalties including $50,000 in fines and up to 1 year of imprisonment.
However, it is much more important that we prosecute possible music pirates because they are eroding our freedoms and exposing us to incomprehensible dangers.
$300,000 fine? Are you kidding me? Less than a dollar per person is NOTHING to a company like Wellpoint! Seriously, they make $300,000 just by denying ONE patient’s cancer treatment! Do you honestly think they care about a measly $300,000? Considering the HUGE bureaucracy of an insurance company, that’s probably their annual coffee budget!
Publish an article about the HIPAA fines. I guarantee that will be a SIGNIFICANTLY higher amount!
Wellpoint wants to make more profit, that's why they did it.
The interest of Wellpoint is primarily denying care to its clients, and hoping they die quickly, so if they can have a few of them die of strokes and heart attacks after their identities are stolen and they lose their jobs and are driven into bankruptcy, it suits them very nicely. Otherwise, some of those sumbitches might live long enough to get really expensive diseases, and it’s easier to have them dead quickly than to have to fight the appeals of their coverage denials. Sorry, but that’s how things actually work in this world, or at least in the US.