The University of Utah Health Plans (UUHP) recently experienced a data security breach, potentially compromising members’ personal information. The breach occurred between May 30 and June 2, 2023, and has raised concerns about the security of sensitive data held by UUHP.
The breach was discovered by TMG Health, Inc., a data security partner of UUHP, on June 21, 2023. Unauthorized access to their file transfer server prompted immediate concerns about the safety of personal information stored by UUHP.
Additionally, UUHP received notification from Virgin Pulse, a health and wellness technology provider, about a potential security incident related to their use of the file transfer software. Virgin Pulse took swift action to secure the software and launched an investigation to assess the extent and impact of the breach. The unauthorized access to personal information occurred on May 30, 2023, from a Virgin Pulse server.
The compromised data includes names, addresses, emails, phone numbers, dates of birth, Social Security Numbers, medical claims information, banking information, billing information, and medical treatment information of UUHP Medicare Advantage members. For UUHP HealthyU members, the at-risk information includes names, addresses, emails, phone numbers, dates of birth, and member IDs.
UUHP is treating this incident seriously and is collaborating closely with TMG and Virgin Pulse to prevent future breaches. Individuals who may have been affected are strongly advised to monitor their accounts, charges, and statements closely for any discrepancies or signs of identity theft or fraudulent activities.
To address the potential harm caused by the breach, UUHP is offering one year of complimentary personal identity and privacy protection monitoring to individuals whose Social Security Numbers may have been impacted. This proactive measure aims to reduce the risk of identity theft and provide peace of mind to the affected members.
Notification letters have already been sent to impacted individuals with valid addresses. Letters regarding the Virgin Pulse incident were mailed on October 20, 2023, while for the TMG incident, they were mailed on August 10, 2023. Individuals who have not received a notification letter are urged to contact UUHP directly to update their contact information.
UUHP has established dedicated helplines for its members to address concerns or obtain additional information regarding the incidents. UUHP HealthyU members can call 866-904-0403, while UUHP Medicare Advantage members can reach out to 1-888-727-2311 for inquiries related to the TMG incident.
It is important to note that Social Security numbers and financial account information were not affected in the Virgin Pulse incident. Nonetheless, members are advised to remain vigilant and should report any suspicious charges or activities to the relevant billing entity promptly.
These breaches at UUHP serve as a reminder of the growing concern surrounding data security in our digital world. They emphasize the urgent need for organizations to prioritize strong data protection measures to safeguard individuals’ privacy and prevent potential harm.
UUHP’s response to the breaches demonstrates their commitment to members’ well-being by offering complimentary identity and privacy protection monitoring. However, individuals must also take proactive steps to protect themselves, such as regularly monitoring their accounts, enabling two-factor authentication, and promptly reporting any suspicious activities.
As investigations into the breaches continue, UUHP remains dedicated to ensuring the security of members’ personal information and preventing future breaches. By working closely with TMG and Virgin Pulse, they aim to strengthen their security measures and restore trust in their data handling processes.
In conclusion, the recent data breaches at UUHP have raised concerns about the safety of personal information among its members. As affected individuals take necessary precautions and make use of the resources provided by UUHP, it is vital for organizations across industries to prioritize data security and adopt strong measures to protect sensitive information from unauthorized access.