This is scary.

Health insurance provider Wellpoint has confirmed that personal information about 130,000 of its customers was left unsecured on the Internet. The information contained Social Security numbers as well as medical records.

The article from the Chicago Tribune reported Wellpoint said customers in several states had information exposed in the last year because two computer servers maintained by a third-party vendor “were not properly secured for a period of time”.

Check out the compensation: A one year of free credit-monitoring services from Equifax Credit Watch.

So after the first year, you’ll have to dish out of YOUR pocket to keep your data secure. Who’s responsibility is it?

Just like SOX compliance came from a result of the Enron scandal, higher standards should be mandatory (if not Law) when it comes to storing and protecting personal health data.

Here’s the article from the Chicago Tribune

Wellpoint customer data may have been accessed via Internet

Medical information such as Social Security numbers, pharmacy records and other personal health data from about 130,000 people covered by health insurance giant Wellpoint Inc. may have been accessed via the Internet, the health insurance giant confirmed.

Wellpoint, which operates locally under the Unicare name, said customers in several states, including Illinois, had information exposed in the last year because two computer servers maintained by a third-party vendor the insurer would not name “were not properly secured for a period of time.” Wellpoint has been notifying customers via letters in recent days.

Although Wellpoint says it is not aware of any identity theft related to the problem, customers who contacted the Tribune said they are worried about the potential for prescription records, claims information and Social Security numbers to be accessed on the Web.

The incident comes at a time when the health-care industry is moving quickly to adopt electronic health records, designed to eliminate the cumbersome use of paper records and improve efficiencies. However, this is only the latest of problems the medical industry has had in preventing potential privacy invasions.

“The idea that my medical records could be floating out there is outrageous to me,” said Marc Roberts, 54, of Oswego who has health insurance from Unicare. “I think the idea of electronic medical records is excellent. It’s just their lack of monitoring their security that is a significant issue.”

Wellpoint and Unicare are offering customers one year of free credit-monitoring services from Equifax Credit Watch.

That offer, however, is not being greeted too warmly. “One year of credit monitoring to me and then what am I supposed to do … buy it every year thereafter,” Robert said. “It shouldn’t be my responsibility.”

Wellpoint is taking extra measures and has hired outside consultants to “reduce the risk of future incidents,” said company spokeswoman Cheryl Leamon.

“To fix the problem, we conducted an internal analysis of the situation, used external consultants to confirm the security of our system, and put additional measures in place to enhance our security checks and balances,” Leamon said. “We have not received any reports of identity theft or credit fraud. We take the security of our members’ personal health information very seriously.”