Indiana University Health Reports Data Breach Stemming from Incident at TMG Health

Richard Console, Jr.
Console and Associates, P.C.
Contact
LinkedIn
Facebook
X
Send
Embed

On August 4, 2023, Indiana University Health (“IU Health”) posted a notice on its website announcing a data breach that occurred as a result of a third-party vendor’s use of the file transfer program MOVEit. In this case, the vendor was TMG Health, Inc. (“TMG Health,” “TMG”). In its notice, IU Health explains that the incident resulted in an unauthorized party being able to access members’ sensitive information, which includes their names, member identification numbers, effective dates of plans, and banking account and routing numbers. Upon completing its investigation, IU Health began sending out data breach notification letters to all individuals whose information was affected by the recent data security incident.

If you received a data breach notification from IU Health Plans, it is essential you understand what is at risk and what you can do about it. While this incident did not involve hackers breaching IU Health’s computer network, they were able to access confidential information IU Health provided to TMG Health. As a result, an unknown number of IU Health Plans members are at a significantly higher risk of experiencing identity theft and other frauds. A data breach lawyer can help you learn more about how to protect yourself from becoming a victim of fraud or identity theft as well as discuss your legal options following the IU Health / TMG Health data breach. For more information, please see our recent piece on the topic here.

What Caused the Data Breach Affecting IU Health Plan Members?

The TMG Health / IU Health data breach was only recently announced, and more information is expected in the near future. However, IU Health’s recent post provides some important information on what led up to the breach. The post also provides a link to a website set up on behalf of TMG, which offers additional information.

According to these sources, IU Health relies on TMG Health’s service to assist with claims processing. On June 22, 2023, TMG notified IU Health about a data security incident involving TMG’s use of a third-party service, MOVEit. Previously, in May 2023, the developer of MOVEit announced a vulnerability within the application that allowed hackers to access information stored on its customers’ MOVEit servers. TMG was among the companies affected by the MOVEit vulnerability.

Upon learning of the MOVEit vulnerability, TMG launched an investigation. Ultimately the TMG investigation confirmed that an unauthorized party downloaded certain files from TMG’s MOVEit server between May 30, 2023 and June 2, 2023.

After learning that sensitive consumer data was accessible to an unauthorized party, TMG Health reviewed the compromised files to determine what information was leaked and which consumers were impacted. While the breached information varies depending on the individual, it may include your name, member identification number, effective dates of plans, and banking account and routing numbers.

However, there is a link within the IU Health notice that takes users to an IDX page that provides additional information on the breach. This provides, “The personal information compromised included the information listed on the notice you received from your health plan. You should refer to your notice letter for details regarding your specific information. The downloaded data included your name and one or more of: mailing address, email address, phone number, date of birth, Social Security Number, medical claims information, banking information, billing information, and/or medical treatment information.” Thus, there is arguably some conflicting information regarding what data types were subject to unauthorized access.

On August 4, 2023, IU Health sent out data breach letters to anyone who was affected by the recent data security incident. TMG Health is providing victims of the breach with free credit monitoring.

More Information About TMG Health

TMG Health is a national provider of outsourcing solutions for Medicare Advantage, Medicare Part D and Managed Medicaid plans. In 2017, Cognizant finalized its purchase of TMG Health. Cognizant is another business services company that provides information technology, operations & technology consulting, infrastructure, and business process services. Cognizant employs more than 340,000 people and generates approximately $19 billion in annual revenue.

Send Print Report

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations. Attorney Advertising.

© Console and Associates, P.C.

Written by:

Console and Associates, P.C.
Console and Associates, P.C.
Contact
more
less

PUBLISH YOUR CONTENT ON JD SUPRA NOW

  • Increased visibility
  • Actionable analytics
  • Ongoing guidance

Console and Associates, P.C. on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign Up Log in
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide