The insurer becomes the first plan sued under a new law allowing attorneys general to enforce HIPAA privacy laws.

Connecticut Attorney General Richard Blumenthal has filed a lawsuit against California-based Health Net, alleging the company violated federal laws protecting medical records when a portable data drive disappeared.

According to Blumenthal’s office, the Jan. 13 lawsuit is the first action by an attorney general acting under the Health Information Technology for Economic and Clinical Health, or HITECH Act (part of the 2009 federal stimulus package) to enforce privacy laws under the Health Insurance Portability and Accountability Act.

The lawsuit says the drive contained 27.7 million pages of scanned documents containing information about 446,000 enrollees and their physicians. The data was not encrypted, the lawsuit said, as required by HIPAA and by Health Net’s own corporate policy.