Skip to main content

Connecticut Attorney General Brings Charges Against Health Net for HIPAA Violations

Written by Dianne Bourque


On January 13, Connecticut Attorney General Richard Blumenthal filed charges against Health Net of Connecticut, Inc., for violating federal privacy law. Blumenthal is the first state attorney general to file such a suit using HIPAA enforcement authority granted to states under the HITECH provisions of the American Recovery and Reinvestment Act of 2009.


The law suit was prompted by Health Net’s loss of a portable disk drive from a Connecticut office. The unencrypted drive contained health and other personal information for approximately 1.5 million current and former Health Net members. Almost one-half million of the affected members were Connecticut residents.


In a statement, Health Net said that it would cooperate with the Attorney General and that there is no evidence that any of the lost data had been misused. 

Subscribe To Viewpoints


Cynthia J. Larose

Member / Chair, Privacy & Cybersecurity Practice

Cynthia J. Larose is Chair of the firm's Privacy & Cybersecurity Practice, a Certified Information Privacy Professional-US (CIPP-US), and a Certified Information Privacy Professional-Europe (CIPP-E). She works with clients in various industries to develop comprehensive information security programs on the front end, and provides timely counsel when it becomes necessary to respond to a data breach.