Connecticut is to investigate a huge loss of health data by an insurer.

Apparently the California-based firm Health Net lost hundreds and thousands of patient records last May but waited six months to disclose the incident. Connecticut Attorney General Richard Blumenthal said the six-month delay could be a violation of the law.

A portable external hard drive with seven years of personal and medical information on about 1.5 million Health Net customers, including 446,000 in Connecticut disappeared from the insurer’s office and the insurance company informed the state attorney general's office and the Department of Insurance only last Wednesday of the security breach, Hartford Courant reported.

The hard drive contains Social Security numbers, medical records and health information dating to 2002 for 1.5 million customers — past and present — in Arizona, Connecticut, New Jersey and New York.

The data was not encrypted; however, a specialized computer program is required to read it, the attorney general's office said. Nevertheless, Health Net may have violated state and federal law, it was felt.

"I am outraged and appalled by Health Net's huge loss of personal, financial and medical information and its failure to swiftly inform authorities and consumers," Blumenthal said. "This information vanished six months ago, but Health Net is only now informing authorities and consumers, an inexcusable and inexplicable delay."

The insurers defended themselves saying they undertook a lengthy investigation,  including a detailed forensic review by computer experts, before going public on the issue.