By Rob Mathews
Barely a day after California-based Health Net, Inc. announced that several data servers containing sensitive health and personal information on its enrollees are unaccounted for, the officials today said the security breach involves "personal information for 1.9 million current and past enrollees nationwide."

The California Department of Managed Health Care is only HMO watchdog agency in the nation. The agency also provided further details beyond the plan's statement, saying that the missing records on nine servers are "for more than 622,000 enrollees in Health Net products regulated by the DMHC, more than 223,000 enrolled in the California Department of Insurance products (another state agency that has oversight responsibility) and a number enrolled in Medicare."

"The DMHC has opened an investigation into Health Net's security practices," said DMHC spokesperson Lynne Randolph. "Health Net has agreed to provide two years of free credit monitoring services to its California enrollees, in addition to identity theft insurance, fraud resolution and restoration of credit files, if needed."

Health Net posted a statement on its website but did not specify the number of servers, saying only that there are "several," nor did the company specify the number of enrollees whose data may be compromised. It characterized the files as "unaccounted for." Health Net spokesman Brad Kieffer said, "Our press release constitutes our statement to the media."

The Los Angeles-based health plan said the investigation "follows notification by IBM, Health Net's vendor responsible for managing Health Net's IT (information technology) infrastructure, that it could not locate several server drivers. Personal information of some former and current Health Net members, employees and health care providers is on the drives, and may include names, addresses, health information, Social Security numbers and/or financial information." Health Net said that it has started notifying the individuals whose information is on the drives.