In recent news, True Health New Mexico announced that the company was the target of a cyberattack, resulting in a data breach impacting more than 62,000 individuals. On November 17, 2021, the company notified the U.S. Department of Health and Human Services and began sending out data breach notifications to all affected parties, informing them that the cybersecurity event resulted in an unauthorized third party potentially accessing their sensitive information, including their full name, date of birth, age, home address, email address, insurance information, medical information, social security number, health account member ID, provider information, dates of service, and provider identification number.
A data breach occurs when an unauthorized party gains access to sensitive consumer information in the possession of a company or other organization. Often, hackers target organizations that rely on weak or outdated data security measures. Parties conducting a cyberattack may use the information obtained to commit identity theft or for other criminal purposes. While victims of a data breach may not immediately notice anything suspicious regarding their accounts, it is essential consumers give the situation the seriousness it deserves, as data breaches such as this one can lead to a consumer incurring significant financial losses.
Anyone in receipt of a True Health New Mexico data breach letter has reason to be concerned. In recent years, the rate of identity theft crimes has increased dramatically. In many of these cases, the information used to commit identity theft was obtained through a data breach.
If you recently received a data breach letter from True Health New Mexico, taking proactive steps to protect yourself is the best way to decrease the chances of identity theft. Additionally, if evidence emerges that True Health New Mexico mishandled your data leading up to the breach, you may be eligible for financial compensation through a data breach lawsuit.
Can Consumers Hold True Health New Mexico Financially Responsible for the Data Breach?
When you entrusted True Health New Mexico with your personal information, you hoped that the company would take your privacy seriously. Certainly, you assumed that the company would take the necessary steps to prevent your sensitive information from ending up in the hands of a criminal. However, this data breach raises questions about the data-security measures the company had in place at the time of the cyberattack.
Companies like True Health New Mexico have an ethical and legal obligation to protect consumers’ personal, identifying, financial and health information. While this requires companies to devote significant time and money to developing adequate security measures, these expenses are merely a cost of doing business in a society where cyberattacks are common. If a business fails to protect consumers’ sensitive information, it may be liable through a data breach class action lawsuit. Of course, data breach laws are complex, and there is not yet any proof that True Health New Mexico was negligent in how it handled consumer data. However, our data breach law firm is currently investigating the situation to determine whether affected parties may have a class action data breach lawsuit against the company.
If you have questions about whether you are eligible to be a part of a True Health New Mexico class action lawsuit, it is important you reach out to a data breach attorney as soon as possible.
What to Do if You True Health New Mexico Sent You a Data Breach Notification
If you received a data breach letter from True Health New Mexico, it means that an unauthorized person—likely a criminal—may have accessed, viewed, and retained your personal information. While True Health New Mexico cannot know why the third party sought out your information and what they plan to do with it, the situation justifies a certain level of precaution on your part.
Below are a few ways to protect yourself from identity theft and the other possible financial risks that can step from a data breach:
- Carefully read the True Health New Mexico data breach letter to determine what information of yours was accessible;
- Make a copy of the letter for your records;
- Enroll in the free credit monitoring service provided by True Health New Mexico;
- Change all your passwords and security questions for any online accounts;
- Enable two-factor authentication, where it is available;
- Regularly review your credit card and bank account statements for any signs of suspicious activity;
- Monitor your credit report for any unexpected changes that may be a sign of identity theft;
- Contact one of the major credit bureaus to request they add a fraud alert to your profile; and
- Notify your banks and credit card companies of the data breach.
About True Health New Mexico
True Health New Mexico is an Albuquerque-based health insurance company serving the state of New Mexico. The company offers a variety of plans, most of which are through employers securing coverage on behalf of their employees. As a health insurance company, True Health New Mexico gathers a wide range of information about participants, which it uses to connect them to various healthcare services.
The Details of the True Health New Mexico Consumer Data Breach
According to the most recent data breach letter, on October 5, 2021, True Health New Mexico experienced a data security event. While the details of the event were not released by the company, a subsequent investigation revealed that patient data was accessible by an unauthorized party in early October 2021. The compromised patient information appears to include the following:
- Full names,
- Physical addresses,
- Email address,
- Insurance information,
- Medical information,
- Date of birth,
- Health account member ID,
- Provider information,
- Dates of service, and
- Provider identification number.
While True Health New Mexico does not know which patients’ data was accessed or if any data was removed from the company’s systems, the investigation is ongoing. However, the company revealed that the total number of affected patients exceeds 62,000. On November 17, 2021, the company sent data breach notifications to all affected parties, informing them of the breach and what they can do to protect themselves.
Below is a copy of the data breach letter issued by True Health New Mexico (the online consumer notice can be found here):
On October 5, 2021, THNM experienced a data security incident and immediately took steps to secure and contain our impacted systems. We quickly retained external cybersecurity professionals to assist us in an investigation. Through that investigation we learned that the incident was caused by an unauthorized third party who gained access to our IT systems in early October 2021. All evidence to date indicates the incident affected only True Health New Mexico systems.
What Information was Involved?
Security professionals determined that impacted files may have contained information about current and former True Health New Mexico members, select providers, and some former members of New Mexico Health Connections, a health plan that previously received administrative services from True Health.
Affected data may have included a person’s name, date of birth, age, home address, email address, insurance information, medical information, social security number, health account member ID, provider information, dates of service, and provider identification number. True Health New Mexico has mailed letters directly to those individuals whose information may be involved in this incident. At this time, we have no evidence that any personal information has been misused.
What are we Doing?
THNM takes the security of your personal information very seriously. Therefore, upon discovering the incident, we promptly took steps to secure and contain the impacted THNM systems and supplemented our internal response teams with external cybersecurity professionals and other outside experts. We shut down certain systems where necessary, took other preventative measures, and supplemented our existing security monitoring, scanning, and protective measures. Through these efforts, True Health quickly restored its principal operations with no material day-to-day impact to operations. We are working with law enforcement officials on their ongoing criminal investigation of this matter. True Health also has notified appropriate governmental authorities and continues to monitor global networks for any signs of data misuse.
To help further protect member data, THNM is also offering a complementary 24-month membership for credit monitoring services to all potentially affected individuals. Additional details about how individuals can enroll in this program and protect their information is included below.
What Can You Do?
If you would like to enroll in this free credit monitoring program, please call (833) 525-2719, Monday through Friday from 7 am to 7 pm Mountain Time (excluding U.S. holidays). In addition, please continue to be vigilant about the security of your online or health accounts and monitor your credit reports for unauthorized activities. Please report any suspicious activities to appropriate law enforcement.
For More Information
If you have additional questions about this incident, please review our Frequently Asked Questions or call our incident center at (833) 525-2719, Monday through Friday from 7 am to 7 pm Mountain Time (excluding US holidays). For regular health needs, please contact your provider or True Health’s customer services at 1-844-508-4677 (toll-free), Monday through Friday, 8 am to 5 pm Mountain Time.