ISMA does not clearly say if storage units were encrypted

Mar 10, 2015 17:43 GMT

Two hard drives containing backup data of customers of the Indiana Medical Association (ISMA) have been stolen, exposing health and life insurance information.

The incident occurred on February 13, 2015, while an employee of the organization was taking the storage units to an offsite location for safe keeping.

This procedure is part of ISMA’s plan to recover in case of a disaster, be it digital (such as a cyber-attack) or physical (hardware failure) in nature.

Same clients also affected by the Anthem breach

ISMA says that the criminal act has been reported to the Indianapolis Metropolitan Police Department and an investigation is ongoing. Details regarding the incident were also passed to law enforcement.

In an ironic twist, ISMA runs its health insurance program through Anthem, which was recently breached, with the data of tens of millions of individuals falling into the hands of hackers.

As such, it is possible that the information of most of the ISMA clients was exposed twice, and they have already been offered protection services against identity theft.

However, ISMA emphasizes the fact that, even so, all individuals affected by the theft of backup drives will benefit from free credit monitoring services for a period of one year.

Type of exposed data is easy to guess

The nature of the data available on the storage units has remained undisclosed to the public as ISMA blacked out that part in the sample letter to affected people, sent to the California Office of the Attorney General.

On the other hand, anyone with life insurance can easily determine the details exposed. The most important data included are the social security number, date and place of birth, driver’s license (if available), complete address, email, employment info, as well as financial details like personal income and net worth.

ISMA said that some form of protection was applied to the hard disks and that their digital content “cannot be retrieved without special equipment and technical expertise,” but it does not say whether the data was encrypted, which is the most important aspect.