Posted On January 26, 2022 Consumer Privacy & Data Breaches
January 26, 2022 – In recent news, True Health New Mexico announced that the company was the target of a cyberattack, resulting in a data breach impacting more than 62,000 individuals. On November 17, 2021, the company notified the U.S. Department of Health and Human Services and began sending out data breach notifications to all affected parties, informing them that the cybersecurity event resulted in an unauthorized third party potentially accessing their sensitive information, including their full name, date of birth, age, home address, email address, insurance information, medical information, social security number, health account member ID, provider information, dates of service, and provider identification number.
A data breach occurs when an unauthorized party gains access to sensitive consumer information in the possession of a company or other organization. Often, hackers target organizations that rely on weak or outdated data security measures. Parties conducting a cyberattack may use the information obtained to commit identity theft or for other criminal purposes. While victims of a data breach may not immediately notice anything suspicious regarding their accounts, it is essential consumers give the situation the seriousness it deserves, as data breaches such as this one can lead to a consumer incurring significant financial losses.
Anyone in receipt of a True Health New Mexico data breach letter has reason to be concerned. In recent years, the rate of identity theft crimes has increased dramatically. In many of these cases, the information used to commit identity theft was obtained through a data breach.
If you recently received a data breach letter from True Health New Mexico, taking proactive steps to protect yourself is the best way to decrease the chances of identity theft. Additionally, if evidence emerges that True Health New Mexico mishandled your data leading up to the breach, you may be eligible for financial compensation through a data breach lawsuit.
When you entrusted True Health New Mexico with your personal information, you hoped that the company would take your privacy seriously. Certainly, you assumed that the company would take the necessary steps to prevent your sensitive information from ending up in the hands of a criminal. However, this data breach raises questions about the data-security measures the company had in place at the time of the cyberattack.
Companies like True Health New Mexico have an ethical and legal obligation to protect consumers’ personal, identifying, financial and health information. While this requires companies to devote significant time and money to developing adequate security measures, these expenses are merely a cost of doing business in a society where cyberattacks are common. If a business fails to protect consumers’ sensitive information, it may be liable through a data breach class action lawsuit. Of course, data breach laws are complex, and there is not yet any proof that True Health New Mexico was negligent in how it handled consumer data. However, our data breach law firm is currently investigating the situation to determine whether affected parties may have a class action data breach lawsuit against the company.
If you have questions about whether you are eligible to be a part of a True Health New Mexico class action lawsuit, it is important you reach out to a data breach attorney as soon as possible.
If you received a data breach letter from True Health New Mexico, it means that an unauthorized person—likely a criminal—may have accessed, viewed, and retained your personal information. While True Health New Mexico cannot know why the third party sought out your information and what they plan to do with it, the situation justifies a certain level of precaution on your part.
Below are a few ways to protect yourself from identity theft and the other possible financial risks that can step from a data breach:
True Health New Mexico is an Albuquerque-based health insurance company serving the state of New Mexico. The company offers a variety of plans, most of which are through employers securing coverage on behalf of their employees. As a health insurance company, True Health New Mexico gathers a wide range of information about participants, which it uses to connect them to various healthcare services.
According to the most recent data breach letter, on October 5, 2021, True Health New Mexico experienced a data security event. While the details of the event were not released by the company, a subsequent investigation revealed that patient data was accessible by an unauthorized party in early October 2021. The compromised patient information appears to include the following:
While True Health New Mexico does not know which patients’ data was accessed or if any data was removed from the company’s systems, the investigation is ongoing. However, the company revealed that the total number of affected patients exceeds 62,000. On November 17, 2021, the company sent data breach notifications to all affected parties, informing them of the breach and what they can do to protect themselves.
Below is a copy of the data breach letter issued by True Health New Mexico (the online consumer notice can be found here):
On October 5, 2021, THNM experienced a data security incident and immediately took steps to secure and contain our impacted systems. We quickly retained external cybersecurity professionals to assist us in an investigation. Through that investigation we learned that the incident was caused by an unauthorized third party who gained access to our IT systems in early October 2021. All evidence to date indicates the incident affected only True Health New Mexico systems.
What Information was Involved?
Security professionals determined that impacted files may have contained information about current and former True Health New Mexico members, select providers, and some former members of New Mexico Health Connections, a health plan that previously received administrative services from True Health.
Affected data may have included a person’s name, date of birth, age, home address, email address, insurance information, medical information, social security number, health account member ID, provider information, dates of service, and provider identification number. True Health New Mexico has mailed letters directly to those individuals whose information may be involved in this incident. At this time, we have no evidence that any personal information has been misused.
What are we Doing?
THNM takes the security of your personal information very seriously. Therefore, upon discovering the incident, we promptly took steps to secure and contain the impacted THNM systems and supplemented our internal response teams with external cybersecurity professionals and other outside experts. We shut down certain systems where necessary, took other preventative measures, and supplemented our existing security monitoring, scanning, and protective measures. Through these efforts, True Health quickly restored its principal operations with no material day-to-day impact to operations. We are working with law enforcement officials on their ongoing criminal investigation of this matter. True Health also has notified appropriate governmental authorities and continues to monitor global networks for any signs of data misuse.
To help further protect member data, THNM is also offering a complementary 24-month membership for credit monitoring services to all potentially affected individuals. Additional details about how individuals can enroll in this program and protect their information is included below.