Nearly 63,000 Affected by True Health New Mexico Breach
A health insurer in New Mexico is warning of a data breach that exposed personal and medical information.
True Health New Mexico (THNM) learned of a data security incident on Oct. 5, according to an advisory posted on its website. THNM describes itself as a physician-led health insurance company.
The incident exposed names, birth dates, physical addresses, email addresses, insurance information, medical information, Social Security numbers, health account member IDs, provider information, dates of service and provider identification numbers.
“Upon discovering the incident, we promptly took steps to secure and contain the impacted THNM systems and supplemented our internal response teams with external cybersecurity professionals and other outside experts,” the organization says. “We shut down certain systems where necessary, took other preventative measures, and supplemented our existing security monitoring, scanning, and protective measures.”
True Health didn’t specify the number of people impacted in its advisory, although it reported the incident on Nov. 17 to the U.S. Department of Health and Human Services. The department lists the number of those affected as 62,983 and the type of breach as “hacking/IT incident” involving a “network server.”
Those affected are being notified by mail, True Health says. Some people may be former members of True Health and also New Mexico Health Connections, a health plan that was previously administered by True Health.
Two Years of Credit Monitoring
True Health didn’t describe in its advisory how it was breached. The organization has contacted law enforcement and says it has retained external cybersecurity professionals to help with the investigation.
“Through that investigation we learned that the incident was caused by an unauthorized third party who gained access to our IT systems in early October 2021,” the organization says. “All evidence to date indicates the incident affected only True Health New Mexico systems.”
THNM is offering two years of free credit monitoring to those affected. The deadline to enroll in those services is Feb. 15.
Although it doesn’t believe the exposed information has been abused, THNM advised that it “encourages potentially impacted individuals to remain vigilant against incidents of identity theft and fraud, to review account statements and explanation of benefits forms, and to monitor their credit reports and explanation of benefits forms for suspicious activity.”