The medical insurance company True Health New Mexico located in Albuquerque, NM began alerting selected health plan members concerning the breach and likely theft of their protected health information (PHI).
The data breach incident was discovered by True Health New Mexico on October 5, 2021. Steps had been taken immediately to secure its IT systems. The company’s internal incident response staff collaborated with a third-party cybersecurity firm to perform a forensic investigation of the breach.
Based on the investigation result, an unauthorized individual had accessed its IT applications in the start of October and likely viewed or acquired files that contain PHI such as names, ages, birth dates, residential and email addresses, insurance records, medical information, Social Security numbers, provider information, medical account member IDs, and date(s) of service.
True Health New Mexico mentioned in the notification letters that it did not receive any proof that suggests the inappropriate use of members’ information; nonetheless, as a precautionary measure versus identity theft and fraud, the company provided free credit monitoring and identify theft protection services to the impacted persons.
The health insurance company had submitted a report to law enforcement about the cyberattack. A criminal investigation is now ongoing. The company likewise reported the security breach to the HHS’ Office for Civil Rights with the information that 62,983 people had been impacted.
Data Breach at Educators Mutual Insurance Association
Educators Mutual Insurance Association (EMIA) located in Murray, UT discovered that an unauthorized man or woman obtained access to its computer network from July 29, 2021 until August 10, 2021, and potentially viewed or obtained the members’ PHI.
EMIA discovered the data breach on August 23, 2021 and the investigation confirmed the infection by malware of its computer system. An evaluation of the files stored in the breached system revealed that they contained the PHI of members for instance names, addresses, dates of birth, Social Security numbers, clinical details, driver’s license numbers, and medical insurance ID numbers. EMIA is convinced that not all financial numbers of members were compromised.
A third-party cybersecurity firm was appointed to conduct a forensic investigation that is not yet done at the moment. Though there is no proof of attempted or actual misuse of patient information, EMIA instructed the impacted individuals to remain watchful against activities of identity theft.
EMIA claims it is going to do a routine audit of its computer system to identify unauthorized system activity and it will enhance its network monitoring software applications.