Insurance Company Fined $6.8 Million for Data Breach


The Wall Street Journal reports that Triple-S Management will be fined $6.8 million by the Puerto Rico Health Insurance Administration following a data breach at the Puerto Rican insurance company Triple-S Salud, or TSS (h/t Becker's Hospital Review).

The fine is in response to the exposure of data belonging to 13,336 of TSS' Dual Eligible Medicare beneficiaries.

On September 20, 2013, TSS mailed a pamphlet to approximately 70,000 Medicare Advantage beneficiaries that inadvertently showed some recipients' Medicare Health Insurance Claim Numbers, which are considered protected health information under the Health Insurance Portability and Accountability Act (HIPAA).

Following the discovery of the error, TSS reported the incident to state and federal agencies and notified local media and affected beneficiaries, and offered all those affected 12 months of free credit monitoring and identity protection services.

"We take this matter very seriously and are working to prevent this type of incident from happening again," Triple-S Management stated in a recent SEC filing regarding the fine.

In addition to the fine, all new enrollments of Dual Eligible Medicare benificiaries will be suspended, and all those affected will be offered the option to disenroll.