In January, 2019, we learned about a breach at Centerstone Insurance and Financial Services, Inc. d/b/a BenefitMall, a business associate. The breach reportedly affected more than 111,000 insurance members/covered employees of the vendor’s clients. HIPAA Journal covered the incident.
Yesterday, Aetna issued a public notice related to the incident. Surprisingly, their notice discloses that by December 18, 2018, they had received information from BenefitMall as to which employees were potentially impacted.
So why did it take Aetna from then until this week to handle notifications for a few hundred people in Virginia? That seems way too long a gap.