HealthPartners is notifying 38,000 people covered by its insurance plans of a data breach in 2008 in which an employee shared a database of patients’ names and, in some cases, general medical services to a relative.
The shared data included people’s names, birthdates and member numbers, but not any financial information such as credit card numbers. Only one social security number was included in the data, which the worker apparently gave to a relative to help in formatting files for quality improvement reports, HealthPartners reported on Friday.
“We believe there is little to no risk the information could be used for identity or financial theft because of the limited type of information involved and because we have no evidence that the information was used for anything other than preparing reports for work,” said Tobi Tanzer, HealthPartners’ vice president for integrity and compliance.
Bloomington-based HealthPartners learned of the data breach in January and discovered in March which members’ patient data was included. The company has retrieved several of the employee’s devices to which the data was copied, and is seeking others. Free identity protection for one year is being offered to people who were affected. More information can be obtained at 866-316-1495.