AvMed Health Plans - 2010
AvMed Health Plans announced that personal information of some current and former subscribers may have been compromised by the theft of two company laptops from its corporate offices in Gainesville. The information included names, addresses, phone numbers, Social Security numbers and protected health information. The theft was immediately reported to local authorities but attempts to locate the laptops have been unsuccessful. AvMed determined that the data on one of the laptops may not have been protected properly, and approximately 80,000 of AvMed's current subscribers and their dependents may be affected. An additional approximate 128,000 former subscribers and their dependents, dating back to April 2003, may also have been affected.UPDATE (06/03/2010): The theft of the laptops compromised the identity data of 860,000 more Avmed members than originally thought. The total now nears 1.1 million.UPDATE (11/17/2010): Five AvMed Health Plans customers filed a class-action lawsuit against the health insurer on behalf of the 1.2 million people who were affected by the breach. At least two of them believe that their personal information was misused as a result of this particular breach.UPDATE (09/24/2012): An appeals court ruled that the plaintiffs were "explicitly" able to prove a link between the breach and ID theft they incurred. The case had been thrown out by a lower court in August 2011, but the appeal ruling may allow victims of identity theft to make it easier to prove that the identity theft was caused by a data breach.UPDATE (09/05/2013): AvMed Inc. agreed to settle with customers who were affected by the 2009 data breach on September 3, 2013.UPDATE (10/29/2013): AvMed will pay $3 million.UPDATE (3/6/2014): "Last week, a judge for the Southern District of Florida gave final approval to a settlement between health insurance provider AvMed and plaintiffs in a class action stemming from a 2009 data breach of 1.2 million sensitive records from unencrypted laptops. The settlement requires AvMed to implement increased security measures, such as mandatory security awareness training and encryption protocols on company laptops. More notably, AvMed agreed to create a $3 million settlement fund from which members can make claims for $10 for each year that they bought insurance, subject to a $30 cap (class members who experienced identity theft are eligible to make additional claims to recover their monetary losses)".