14 DAY TRIAL // Sensitive details of approximately 71,000 Georgia patients were published on the web, being available for no less than seven weeks, WellCare of Georgia, Inc., today announced in a notification. The information concerning the members of "Georgia Families" included names, birthdates, social security numbers and other private details. There were no credit card numbers or other financial information, though. However, there's no sign of malicious use of this information, the officials states.
The data was published on the Internet on February 12 due to what seems to be a human error of an employee who was working with the database. WellCare has already started writing letters to the ones affected by the exposure, all the victims receiving a free one year credit monitoring.
"We were able to determine what data was available on the Internet and we are notifying anyone who might have been affected," said Anil Kottoor, WellCare's chief information officer. "We regret that this incident occurred. WellCare takes the privacy and security of personal information very seriously. It is an honor to serve our members in Georgia, and we apologize for any inconvenience this issue has caused," said Mike Cotton, president of WellCare's Georgia region.
This is not the first time when such an exposure takes places: in April 2007, a disc containing information about no less than 2.9 million people was lost and never found. "It is probable that some of those same individuals affected by last year's incident were also affected by this latest breach," Lisa Marie Shekell, the Georgia Department of Community Health communications director, told CNET.
As you can see, people are once again put in trouble, even if they have no fault for the exposure. There were lots of cases in the past, but the first one that comes in my mind is the HMRC case, when due to the loss of 2 discs containing private information, more than 25 million people were put in danger.