The loss of an unencrypted portable hard drive containing private health information has proven extremely costly and time consuming for Health Net, Inc., and Health Net of the Northeast, Inc. 


The health insurance company is now being fined $55,000 by the State of Vermont and must also submit to a data-security audit and file reports with the State regarding the company's information security programs for the next two years.


"The lawsuit is Vermont's first enforcement action under the Security Breach Notice Act and the second HIPAA enforcement action of its kind since state attorneys general were given HIPAA enforcement authority in 2009."


Read more at Infosec Island.