MINNEAPOLIS (WCCO) – HealthPartners is alerting some of its customers about a privacy breach that happened back in 2008.
According to HealthPartners officials, information of some customers was compromised between 2008 and 2010 when an employee shared files with a family member in order to get help formatting them for reports. The files were also copied to a number of devices so the employee could work from home.
The health care company first learned about the breach in January, but didn’t learn which customers were involved until two weeks ago.
HealthPartners officials said it sent letters to the 38,000 health plan members that were affected.
The information that was wrongly shared did not include financial or credit card information, medical records, phone numbers, addresses or emails.
According to officials, a social security number was included in only one case.
The information that was shared was member name, member number, date of birth, and in some cases, gender, location and general category of services provided.
HealthPartners said they have recovered several devices involved in the breach and are continuing attempts to locate any more.
“We believe there is little to no risk the information could be used for identity or financial theft because of the limited type of information involved and because we have no evidence that the information was used for anything other than preparing reports for work. We deeply regret this mistake and apologize to everyone who was affected.” Tobi Tanzer, vice president, Integrity and Compliance, HealthPartners said in a recent press release.
There have been no incidents of ID theft as a yet.
HealthPartners is offering one free year of identity protection to any member whose information was included in the breach.
The employee involved in the incident is no longer with the company.