Aetna Insider Snaps Photos of Computers Displaying Patient Records

The major health insurer learned about the data breach from the IRS, when the tax man notified Aetna that one of its former employees had been arrested for possible identity theft.

The arrest took place in April 2014 and Aetna was contacted on Dec. 2, 2014. The individual had stopped working for Aetna in 2013.

“The former employee’s personal cell phone was confiscated and pictures of screen shots from Aetna computer screens were found on it,” states a January 2015 notification letter sent to the state of Maryland, where some of the affected members lived.

Why law enforcement authorities waited more than seven months before notifying Aetna was not explained.

The pictures included a name, date of birth, Social Security number and employer name.

“Some of the pictures were blurry and only certain fields could be read by our investigators,” but “by cross referencing information in our systems, we were able to recreate the data on the pictures,” the letter says.

Background checks that Aetna conducted revealed no criminal activity prior to or during her employment.