Univesity of Utah Health Plans (UUHP) has discovered an information security incident involving a vendor, TMG Health, Inc. (TMG).
On June 21, 2023, TMG data security personnel discovered an unauthorized external user accessed a MOVEit file transfer server and downloaded files that potentially contained some UUHP member information. These downloads occurred between May 30, 2023 and June 2, 2023. Once TMG learned of the access, they blocked the unauthorized user from further access and notified UUHP.
Information that was potentially impacted in this incident includes UUHP members’ names and one or more of the following: mailing address, email address, phone number, date of birth, Social Security Number, medical claims information, banking information, billing information, and/or medical treatment information.
UUHP is working closely with TMG to ensure systems are updated to prevent these types of incidents in the future. Additionally, TMG has notified law enforcement to investigate.
On August 10, 2023 UUHP mailed letters to members whose information may have been impacted. At this time, UUHP has no indication that member information has been misused, however, UUHP has advised potentially impacted members to monitor their accounts, charges, and statements for any discrepancies or services that they did not receive. Those members are encouraged to report any concerns to their local law enforcement or consumer protection agency.
To further assist in protecting UUHP members from possible adverse impacts from this event, UUHP is offering one year of complimentary personal identity and privacy protection monitoring.
If UUHP members have any questions or would like to learn additional information about this incident, they may visit https://response.idx.us/notice-info or call 1-888-727-2311.