Share this article on:
The Albuquerque, NM-based health insurance agency True Health New Mexico has started notifying certain health plan members about the exposure and potential theft of some of their protected health information.
A data security incident was detected on October 5, 2021, and steps were immediately taken to secure its IT systems. The internal incident response team launched an investigation and third-party cybersecurity defense firms were engaged to assist with the forensic investigation.
The investigation revealed an unauthorized individual had gained access to its IT systems in early October and may have viewed or exfiltrated files that contained protected health information such as names, dates of birth, ages, home addresses, email addresses, insurance information, medical information, Social Security numbers, health account member IDs, provider information, and date(s) of service.
True Health New Mexico said at the time of issuing notification letters, no evidence had been found of misuse of members’ information; however, as a precaution against identity theft and fraud, affected individuals have been offered credit monitoring and identify theft protection services at no cost.
The cyberattack has been reported to law enforcement and a criminal investigation has been launched. The data breach has been reported to the HHS’ Office for Civil Rights as affecting 62,983 individuals.
Educators Mutual Insurance Association
Murray, UT-based Educators Mutual Insurance Association (EMIA) has discovered an unauthorized individual had access to its computer network between July 29, 2021, and August 10, 2021, and may have viewed or obtained the protected health information of some of its members.
The breach was detected by EMIA on August 23, 2021, with the subsequent investigation confirming malware had been installed on its network. A review of the files on the parts of the compromised system revealed they contained protected health information such as names, addresses, dates of birth, clinical information, health insurance identification numbers, driver’s license numbers, and Social Security numbers. Full financial numbers of members are not believed to have been exposed.
A third-party cybersecurity firm has been engaged to conduct a forensic investigation, which is still ongoing. While no evidence of attempted or actual misuse of patient data has been found, affected individuals have been advised to remain vigilant against instances of identity theft.
EMIA says it will continue to regularly audit its system to identify unauthorized network activity and will be enhancing its network monitoring tools.