Centene Corporation, a health insurer headquartered in St. Louis, announced on January 25, in a press release that it is undertaking an, “ongoing comprehensive internal search for six hard drives that are unaccounted for in its inventory of information technology (IT) assets.”
The press release states that the hard drives contained the names, addresses, dates of birth, Social Security numbers, member ID numbers, and health information of members who received laboratory services between 2009 and 2015.
Centene is notifying the affected individuals of the loss of the hard drives and is offering free credit and healthcare monitoring. It stated that it will continue to search for the hard drives, but they are unaccounted for at this time.
Two points: health care entities may want to consider whether full Social Security numbers should continue to be included in all of the data it receives and stores on an individual—do you really need the entire SSN on that hard drive; and second, full encryption of data at rest. If this information had been encrypted, it could not be viewed, stolen or used.