Sign-up to a data breach claim today - use our quick and easy form to begin your claim for thousands of pounds in compensation.
Health insurer, Aetna Inc, is being sued for a serious oversight that reportedly revealed the HIV status of around 12,000 patients when a letter was sent out to customers with large clear windows that referenced HIV medication.
It’s a monumental blunder that’s similar to the London sexual health clinic, 56 Dean Street breach, where an email was sent to over 700 patients with names and email addresses for recipients visible. We act for a large proportion of the people claiming in that action.
The clear window is of course intended to be clear, so the address is shown for posting, but this doesn’t change the fact that the letter clearly hadn’t been properly planned out given that private medical information was visible too.
A photograph of an unopened letter reportedly shows Aetna’s logo, the patient’s name and address, and the following text:
This is a serious breach of sensitive medical information.
Aetna themselves appear unsure as to how many people are affected as it can depend on how the letter was folded and positioned in the envelope. The insurer has said that it used a third party firm to carry out mailing tasks, but did not identify who this was.
While the third party vendor may have been the ones to physically send out the information, Aetna has a responsibility to give clear instructions to anyone they provide access of sensitive information to look after it and ensure data protection rules are upheld.
A company statement said:
“We sincerely apologise to those affected by a mailing issue that inadvertently expose the personal health information of some Aetna members. This type of mistake is unacceptable, and we are undertaking a full review of our processes to ensure something like this never happens again.”
The disturbing oversight may result in serious harm to the victims involved. The duty of care organisations owe when working with sensitive information like this is huge.
One victim is reportedly bringing an action after his sister found out he was taking HIV medication allegedly because of the breach. It could be easy for anyone picking up the mail to see enough content to realise that the recipient has HIV, which is a major breach of medical confidentiality.
Two organisations – Legal Action Centre (LAC) in New York, and AIDS Law Project – reportedly sent “cease-and-desist” letters to Aetna condemning the health insurer for the serious data breach. It’s believed there will be thousands seeking legal help to bring claims against Aetna.
Rhonda Goldfein, executive director of the Pennsylvania AIS group, criticised Aetna’s actions that led to the privacy violation in that, not only can this breach cause embarrassment, but also “a tangible risk of violence, discrimination and other trauma” that comes with the stigma of having the disease.
Like the 56 Dean Street Clinic action we’re involved in, this is an extremely serious data breach that has potentially caused a lot of distress and harm to the recipients. Many of the affected recipients in the Dean Street incident have instructed our firm, and we continue to work with the solicitors acting for the clinic in reaching settlements for the victims involved.
EasyJet admits data of nine million hacked
British Airways data breach: How to claim up to £6,000 compensation
Are you owed £5,000 for the Virgin Media data breach?
Virgin Media faces £4.5 BILLION in compensation payouts
BA customers given final deadline to claim compensation for data breach
Shoppers slam Morrisons after loyalty points stolen
Half a million customers can sue BA over huge data breach
Lawyers accuse BA of 'swerving responsibility' for data breach
The biggest data breaches of 2020