<i>“My investigation will seek to establish what happened and why the company kept its customers and the state in the dark for so long,” Blumenthal told the Hartford Business Journal. “The company’s failure to safeguard such sensitive information and inform consumers of its loss — leaving them naked to identity theft — may have violated state and federal laws. I will vigorously and aggressively seek damages, penalties and other appropriate remedies, if warranted.”</i><p>Excellent. I am glad that this is being taken seriously.
It would seem that they have violated HIPAA by both losing the data and not informing anyone about it.<p>Violations and Penalties here: <a href="http://www.ama-assn.org/ama/pub/physician-resources/solutions-managing-your-practice/coding-billing-insurance/hipaahealth-insurance-portability-accountability-act/hipaa-violations-enforcement.shtml" rel="nofollow">http://www.ama-assn.org/ama/pub/physician-resources/solution...</a><p>Note that "The DOJ concluded that the criminal penalties for a violation of HIPAA are directly applicable to covered entities—including health plans, health care clearinghouses, health care providers who transmit claims in electronic form, and Medicare prescription drug card sponsors."<p>I would think that a data loss like this would likely hit the maximum $1.5m fine.