Laptop Security: Florida Insurer Loses Subscriber Data


More than 200,000 AvMed Health Plan subscribers are learning that their most sensitive personal information fell into the wrong hands last month after a pair of laptops were stolen from a conference room at the company's Gainesville, Fla. corporate headquarters.

The laptops contained current and former subscribers' names, addresses, Social Security numbers and health information, according to a statement (PDF format) posted on the insurer's Web site.

Company officials said the laptops were discovered missing on Dec. 11 and the theft was immediately reported to local law enforcement agencies. The company began mailing advisement letters to the affected subscribers this week.

"AvMed understands the importance of safeguarding our members' personal information and takes that responsibility very seriously," AvMed COO Ed Hannum said in a statement. "We will do all we can to work with our members whose personal information may have been compromised and help them work through the process."

"We regret that this incident has occurred, and we are committed to prevent future occurrences," he added. "We appreciate our members' support during this time."

AvMed officials said the exposed data was listed in such a way that the risk of identity theft is "very low." Regardless, AvMed is offering free credit-monitoring service all affected subscribers for two years.

According to a Javelin Strategy & Research report released this week, health insurance information breaches rose 4 percent in 2009.

Last month, BlueCross BlueShield officials in Tennessee reported that 57 hard drives storing members' personal data were stolen from a closet at a Chattanooga, Tenn., call center.

Those drives contained more than 1.3 million audio files of recorded conversations between customer service representatives and customers and more than 300,000 video files from images on customer service representatives' computer screens.

In November, insurer MassMutual told its customers that hackers managed to access a database that was being maintained by a third-party vendor, exposing the sensitive data of an unknown number of employees.

AvMed officials said the company has implemented additional security procedures and training and will continue to investigate the theft.

Javelin Strategy & Research's survey found that identity theft cost companies and individuals more than $54 billion in 2009, a 12-percent increase from the prior year.

Larry Barrett is a senior editor at, the news service of, the network for technology professionals.