HealthNow Data Breach Lawsuit

In March 2017, a Twitter user discovered a major breach of a backup database owned by HealthNow Networks, a now-defunct telemarketing company based in Boca Raton. The breach impacted 918,000 consumers, most of them seniors with diabetes.

The HealthNow data breach impacted 918,000 consumers, most of them seniors with diabetes.

One of the scariest parts of this breach is that HealthNow doesn’t know how long the information was exposed. It could have been available for months, leading to serious financial or reputational harm that elderly consumers might not notice.

Exposed Data Included Social Security Numbers

The HealthNow data breach compromised a wealth of personal information, including the following:

  • Names
  • Addresses
  • Dates of birth
  • Phone numbers
  • Email addresses
  • Social security numbers
  • Health insurance information
  • Patients’ health issues

Most of the exposed records were associated with the following insurance plans:

  • Aetna
  • Blue Cross Blue Shield
  • Cigna
  • UnitedHealthcare

In a statement, Blue Cross Blue Shield said it was “aware of this scheme involving a suspicious telemarketing company that has no association with our organization, and we alerted law enforcement, including the FBI, to this issue.”

No Telling How Many People Accessed Data

Daynier Brown, a software developer who worked for HealthNow owner Dino Romano, told ZDNet that he received a copy of the customer database in his work for Mr. Romano. Mr. Brown said he copied the data onto an Amazon Web Service instance that redirected to

Mr. Brown could not explain why the data was unencrypted or how long it was accessible.

But Mr. Brown—who said he hadn’t worked for Mr. Romano in three years—could not explain why the data was unencrypted, why he didn’t delete the data, how long the data was accessible, or how many people could have accessed the exposed records.

Through April 18, the Identity Theft Resource Center (ITRC) says there were 456 data breaches this year—exposing almost 8 million records. That puts 2017 on pace for a 31% increase over 2016 in terms of the number of breaches.

If breaches continue to occur at this alarming rate, there will be 1,500 by the end of the year—almost 30 per week.

How to Protect Yourself from Data Breaches

In general, the best way to protect yourself from data breaches is to use a strong and unique password for each account or website. (Apps like LastPass help store them for you.) Don’t recycle passwords or use the same one for years on end. Don’t make your password your birthday or something predictable like “Password123.”

Other ways to protect your data:

  • Enter your email address at Have I Been Pwned to determine if/when your data was breached.
  • Set up multi-step verification whenever possible.
  • Delete old accounts that you never use anymore.
  • Cover your PIN when you enter it at stores and ATMs.

All of the measures above can help protect you and your identity in the event of a breach.

Did you find what you need?