SecOpsNews / news

RSS items as GitHub Issues for the discerning engineering leader or security professional
MIT License
46 stars 0 forks source link

[DataBreaches] True Health New Mexico settles lawsuit over 2021 ransomware incident #10396

Closed github-actions[bot] closed 1 year ago

github-actions[bot] commented 1 year ago

True Health New Mexico has agreed to a class action settlement to resolve claims that the health insurance provider failed to protect patient data from an October 2021 data breach. As reported by Top Class Actions, plaintiffs in several lawsuits claimed True Health New Mexico failed to protect their sensitive information from a ransomware attack that affected nearly 63,000 patients. The settlement applies to the following lawsuits: McCullough, et al. v. True Health New Mexico Inc., Case No. D-202-CV-2021-06816, in the 2nd District Court of the State of New Mexico Clement, et al. v. True Health New Mexico Inc., Case No. D-101-CV-2022-00129, in the 2nd District Court of the State of New Mexico Shanks, et al. v. True Health New Mexico Inc., Case No. D-202-CV-2022-00449, in the 2nd District Court of the State of New Mexico The official settlement website is THNMSettlement.com As DataBreaches has been doing with other settlements, we looked to see if the settlement includes any provisions for improving data security. In this settlement, we found a more detailed commitment than usual: 21. Equitable Relief: True Health agrees to implement and maintain the following for at least one year from the Effective Date: a. Security Policy: True Health agrees to maintain a written information security policy and further agrees to require True Health employees to electronically acknowledge receipt and review of True Health’s written information security policy. b. Training: True Health will conduct cybersecurity training that contains annual mandatory classes, new hire orientation, and periodic training updates to necessary staff as new information security issues and trends arise. c. Password policy: True Health will maintain a written password policy that requires appropriate password complexity commensurate to sensitivity level to the system. d. True Health will require Multi-Factor Authentication (MFA) for remote access to e-mail. e. True Health will implement endpoint security measures, which include endpoint detection and a response solution. f. In the event True Health discontinues operations, True Health will have no obligation to continue these equitable measures described in Paragraph 21. True Health New Mexico discontinued its healthcare plans in New Mexico at the end of 2022. DataBreaches never saw any data from this incident on any leak site or any group claiming responsibility for the attack. HHS’s investigation into this incident is still open.

https://www.databreaches.net/true-health-new-mexico-settles-lawsuit-over-2021-ransomware-incident/

github-actions[bot] commented 1 year ago

This issue is stale because it has been open 1 day with no activity. Remove stale label or comment or this will be closed in 1 day.

github-actions[bot] commented 1 year ago

This issue was closed because it has been stale with no activity.