Medica Health Plan Alleges that Former Employees Hacked Sensitive Data

MINNEAPOLIS -- Medica Health Plans is alleging that computer hackers stole sensitive and confidential data from its computers twice in January and shut down parts of its computer system four other times.

Medica obtained court orders in April against two former employees it suspected of committing the security breaches. The orders required them to provide an accounting of the downloaded data and to turn over their personal computers for inspection.

In court papers, the Minnetonka-based health plan alleges that the intruders downloaded the digital equivalent of a 140,000-page Microsoft Word document.

Both defendants deny violating either company policies or a federal law that prohibits the unauthorized use of electronic data and say they're being retaliated against because they filed a racial discrimination complaint.

Medica has not referred the case to authorities for prosecution, and the workers have not been charged with a crime. But Medica is suing them in federal court. A trial to determine whether they acted improperly is pending while attorneys from both sides gather more information.

A Medica official told the Star Tribune of Minneapolis for a story in Wednesday's editions that it was unlikely that personal information about Medica's 1.2 million members in Minnesota, Wisconsin and the Dakotas had fallen into the wrong hands. But he said the investigation is continuing.

The intruders seemed most interested in trade secrets and employee evaluations, a spokesman said.

But Medica and other health plans store large amounts of sensitive private information that would be useful to identity thieves: Social Security numbers, addresses, birth dates, employment information and names of relatives.

''Most of us in health care organizations have a tremendous amount of data,'' said Carol Quinsey of the American Health Information Management Association, which helps companies take data security measures.

''It is bad enough that the health plan's security was breached,'' Quinsey said. ''The next worse scenario would be if the (perpetrators) would use that data in a nefarious way and perpetuate identity theft.''

Medica spokesman Larry Bussey said there was no evidence that any of the information taken from its computers has been misused.

''We believe that our system is very secure. We've never had any external break-in to the system,'' he said.

Medica targeted the two computer system employees who were among the six employees who had the power to set computer passwords. Court documents allege the two created bogus accounts or used training accounts to download data, to cause some parts of the computer system to crash and to delete e-mail accounts of executives.

They also allegedly made copies of e-mails that contained reports from the chief executive to the board, performance reviews of information-systems personnel and communications to company attorneys about ongoing lawsuits, the documents said.

And they read e-mails about the company's investigation into the security breaches, using that information to cover their own tracks, the documents allege.

With the help of an outside computer forensics expert, Medica officials tracked much of the activity to the homes of the two employees. They were suspended with pay in February and later fired.

Both workers - Austin Vhason and Pushpa Leadholm - deny doing anything improper and allege that Medica filed the lawsuit to retaliate. Both employees had filed complaints that they were discriminated against because they were minority members.

''My client feels that Medica was not providing the same opportunities to minorities as it was to Caucasians,'' said Ryan Pacyga, the attorney representing Vhason.

Both employees went to the federal Equal Employment Opportunity Commission and a formal complaint was filed on March 31, said attorney James Behrenbrinker, who represents Leadholm.

The Medica spokesman declined to comment on the discrimination charges.

Loading