CareFirst medical data breach affects 1.1million people
… many of them state of Maryland employees who had to divulge personal data as a condition of getting affordable health insurance.
The banner news is that CareFirst, a large health insurer, suffered a data spill in June affecting over a million participants. The company claims that no SSNs were lost, nor insurance claims, but some who monitor these things are careful to note how the statement was parsed; the company did not speak to the administrative records of their participants, which now contain an immense amount of highly personal information.
In question is the integrity of data which are associated with wellness programs which are now increasingly mandated by employers – not least of which is the state Maryland. This year employees (many of them at University of Maryland on our campus) have been required to participate in these wellness programs, which entail disclosing personal medical information to people who are not your doctor, who later will determine what remedial ‘wellness’ activities you must engage in order to only pay normal health insurance rates. Those who do not disclose will pay penalty rates, which soon will skyrocket to thousands of dollars. It is a coercive and punitive system, which also indirectly transfers more costs to the participants in the long run. (Only the state will save – not the employees.)
Which brings us back to CareFirst. This insurer is one of the banner programs offered to us as employees, and it is known to be the most invasive in its questioning. “Are you happy at work?” “Do you like your boss?” “Do you feel you satisfy your partner?” “Do you keep guns in the home?” “Do you take recreational drugs?” “How much alcohol do you drink in a week?”
These questions sure seem pretty invasive. And their answers, from potentially thousands of Maryland employees who disclosed them under threat of state cost penalties, are now out on the internet and ready to be disclosed to the world.