Vermont Attorney General William Sorrell sued Health Net, Inc., and Health Net of the Northeast, Inc., over the company’s loss of a hard drive holding the personal information of approximately 1.5 million people, including 525 Vermonters. The hard drive disappeared from a Health Net office in Shelton, Conn., on May 14, 2009. The state alleged violations of HIPAA (the Health Insurance Portability and Accountability Act), and Vermont’s Security Breach Notice Act and Consumer Fraud Act. As part of a settlement reached with the state, Health Net agreed to pay $55,000, submit to a data security audit, and file reports with the state regarding the company’s information security programs for the next two years. (See related Health Net, Inc. instance, “Connecticut Security Breach Lawsuit”).