IU Health reports MOVEit related third party data breach

Indiana University Health (IU Health) has reported a "data security incident" experienced by its third-party claims processor, TMG Health. The incident was brought to light when TMG Health identified a security vulnerability in its MOVEit Transfer software.

The investigation revealed that an unauthorized party had gained access to and downloaded data containing sensitive information.

The compromised data include:

• names,
• identification numbers,
• effective dates of plans,
• in some cases, banking account and routing numbers.

The number of affected individuals is not disclosed.

To mitigate the impact on affected members, IU Health promptly notified them of the breach on Aug. 4. Additionally, TMG Health is taking responsibility for the situation by providing free credit monitoring services to all individuals impacted by the breach.

TMG Health has taken proactive measures to bolster their security infrastructure, ensuring that similar incidents do not reoccur in the future.