The Philadelphia Inquirer reports a on a major data breach at Keystone and AmeriHealth Mercy Health Plans.
A computer flash drive containing the names, addresses, and personal health information of 280,000 people is missing - one of the largest recent security breaches of personal health data in the nation.
A spokesperson for the companies responded to questions for a follow up article:
The insurers, she said, had been working to improve a method for allowing encrypted patient information to be available to company representatives at local health events. The drive was being used at headquarters to test the new system, she said.
The information on the missing portable drive was not encrypted.
Also, the two companies had embarked on an initiative to encrypt all company data, especially data on devices such as laptops or flash drives that would be used outside the building. But that initiative was not completed when the Sept. 20 incident occurred.