Health Net Inc. announced this week that it lost a portable hard drive containing the patient data of 1.5 million customers.  The data was not encrypted.

Connecticut Attorney General Richard Blumenthal said he was investigating the matter and why it took Health Net six months to report the healthcare breach.

“My investigation will seek to establish what happened and why the company kept its customers and the state in the dark for so long,” Blumenthal said in a statement. “The company’s failure to safeguard such sensitive information and inform consumers of its loss — leaving them naked to identity theft — may have violated state and federal laws.”

There have not been any cases of fraud linked to the incident, but Health Net will be picking up the tab for credit monitoring services for all impacted customers.

Data Security, Healthcare