Attorney general will probe whether RIPTA's handling of data breach complied with the law [The Providence Journal]
Kristy dosReis, a spokeswoman for Attorney General
The attorney general's office was notified about the breach on
Data breach: More than 5,000 people affected by security breach of RIPTA health plan.
More than 17,000 people in
"I haven't been on a bus for almost a decade," she said.
Ajello said she sought an explanation and was told that UnitedHealthcare had been sending bills for all state employees' health claims to RIPTA — leaving it up to the transit agency to sort out which of those claims came from RIPTA employees.
UnitedHealthcare administered the health plan for state employees prior to 2020. The company did not respond to inquiries by press time.
RIPTA senior executive
More: Hacker hit RIPTA. Here's why over 17,000 state employees discovered their data was stolen
She did not answer additional inquiries about who that provider was, or whether the information provided to Ajello was correct.
RIPTA has not explained why files that contained state employees' personal information — including names, addresses, dates of birth,
RIPTA's handling of the breach has led to widespread confusion. Many current and former state employees were baffled when they received letters earlier this week, alerting them that their data had been stolen.
Many had never worked for RIPTA, or had any other interaction with the public transportation agency. The letters did not say that the breach had also affected employees in other branches of government, or explain why RIPTA had those employees' personal data in the first place.
Several state employees who contacted The Journal said they and their coworkers had initially assumed the letter was a scam, because it listed a processing center in
In an apparent effort to quell the confusion, Director of Administration
Thorsen also included an additional piece of information about the breach: The files that were stolen pertained to "health plan billing from about 2013 through 2015."
But state employees affected by the RIPTA breach were in the dark until they received letters in the mail this week — stating that RIPTA had learned
Those letters were dated and postmarked
RIPTA did not respond to an inquiry about whether the delayed notification might have violated the law.
The Identity Theft Protection Act also states that agencies "shall not retain personal information for a period longer than is reasonably required" unless other laws or retention policies state otherwise.
The law carries penalties of
©2021 www.providencejournal.com. Visit providencejournal.com. Distributed by Tribune Content Agency, LLC.
No-Fault Auto Insurance Reform Devastates Local Residents
Assurely and Great American Insurance Group’s Executive Liability Division Begin Relationship Towards a New Era of Insurance
Health/Employee Benefits News
Life Insurance News