Mike D. Smith reports:
Aetna is notifying about 3,000 Texas policyholders affected by a “privacy incident” after a CD containing personal information never arrived at its intended destination.[…]
The incident occurred after an employee of Aetna Signature Administrators, a division of Aetna, mailed a CD on Sept. 6 to another employee for archiving purposes. When the envelope arrived, the CD was missing. On Sept. 9, the U.S. Postal Service was notified but was unable to locate the missing item.
Read more on Houston Chronicle.
In its notification letter, a copy of which was provided to the Montana AG’s office, Aetna Signature Administrators, which provides services to group health plans, reported that information on the missing CD included date of birth and Social Security numbers, and perhaps names and addresses. Those with questions about the breach can call 866-760-9572.
Because this incident is not yet on HHS’s public breach tool, the total number of patients being notified is unknown. DataBreaches.net has sent an inquiry to Aetna and will update this post if more information is disclosed.
Update: It was reported to HHS as affecting 18,854.