The privacy breach affected 12,000 customers across the nation, in eight states and the District of Columbia. Aetna has informed all customers affected, apologized, and blamed the mistake on a third-party vendor that mailed the notices. The letters often shifted in their envelopes and showed whether patients were taking HIV medications or pre-exposure prophylaxis (PrEP), which prevents HIV. Patients' family members and their mail carriers could have been exposed to that private information.
“This type of mistake is unacceptable,” the company said in a statement, according to Bloomberg News. “We sincerely apologize to those affected by a mailing issue that inadvertently exposed the personal health information of some Aetna members.”
Aetna said it would work to make sure such an error never occurs again, but didn't mention anything about compensation. Groups like Legal Action Center, the AIDS Law Project of Pennsylvania, and Lambda Legal blasted Aetna and said the company exposed patients to HIV stigma, which is still very much alive and “creates a tangible risk of violence, discrimination and other trauma,” Sally Friedman of the Legal Action Center told The Washington Post.
