The Health Plan reports MOVEit related data breach via supplier United Bank

The Health Plan repotts that United Bank, its financial services provider, had informed them about a data breach that occurred in May, potentially impacting The Health Plan's customers.

The breach was discovered on June 13 when United Bank notified The Health Plan that an unauthorized third party had accessed certain electronic records, including recent premium payment and payment coupon data, due to a vulnerability in the MOVEit software.

United Bank took actions to mitigate the impact, including taking the MOVEit server offline, applying recommended remediation measures, and initiating an investigation with external security experts.

The affected data, from approximately two weeks in May 2023, included

• names,
• addresses,
• phone numbers,
• health plan identification numbers,
• group numbers,
• premium payment images.

No details are provided as to the number of affected individuals. The incident did not involve bank account passwords.

Impacted members are being notified via mail, and The Health Plan has arranged for them to receive one year of credit monitoring from Equifax at no cost.