Up to 25000 could be affected by laptop stolen from New West employee – The Missoulian
A laptop computer stolen from an employee of New West Health Services contains current and former customersâ names and addresses, some of their Social Security and driverâs license numbers, and may contain their medical, credit card and banking information.
There is no indication the data has been accessed or used improperly, CEO Angela Huschka said Monday, when New West announced the theft âout of an abundance of caution.â
New West declined to say how many of its customers may be affected by the theft, but Montana Insurance Commissioner Monica Lindeen said her office was told by New West it could involve 25,000 people.
The stolen laptop âcontained electronic files with personal information from past and present New West customers,â according to New Westâs news release. âThe computer was password protected, and there is no evidence to suggest that the information stored on the laptop was the target of the theft or that any customer information has been accessed or misused.â
Ryan OâConnell, New Westâs vice president of market strategy and external affairs, declined to say when and where the laptop was stolen.
âAt this time, we do not have any additional information to share,â OâConnell said in an emailed response to the questions.
New West Health Services, which also does business as New West Medicare, is a not-for-profit, provider-sponsored health plan offering Medicare Advantage and Medicare Supplement plans.
It is headquartered in Helena, and has an operations center in Kalispell and a regional sales office in Billings. New West did say the laptop was stolen from âan off-site location.â
The company established a call center, open Monday through Friday from 7 a.m. to 7 p.m., to address questions or provide information to current and former customers. The number is 1-877-802-1399.
New West said it would also offer one year of complimentary credit monitoring and identity protection services to individuals whose Social Security numbers were involved.
***
Based on a forensic investigation, New West says it believes the laptop contained:
- Customersâ names, addresses and, in certain instances, driverâs license numbers and Social Security numbers or Medicare claim numbers.
- It âmay have also containedâ information relating to some customersâ payment of Medicare premiums. That information includes electronic funds transfer information (bank account number, account holder name, account type and bank routing number) or credit card information (card holder name, credit card account number, expiration date and the cardâs CVV number).
- And, the laptop may have contained some customersâ health information, including date of birth, medical history and condition, and diagnosis and/or prescription information.
âOnce we learned of the theft, New West took immediate action including initiating an internal investigation and notifying law enforcement,â Mondayâs news release from Hurschka said. âWe also retained Navigant, a leading national computer forensic firm, to assist us in our investigation.â
New West said it was installing additional security on all company laptops, âenhancingâ education for employees, and âstrengthening our data security policies and practices.â
***
Lindeen, who helped implement a Cybersecurity Consumer Protections document while serving as president of the National Association of Insurance Commissioners last year, encouraged current and former New West customers who receive letters from the company advising them they may have been affected, to take steps to protect themselves.
âWhen you purchase insurance, you have the right to know how your personal information is being collected, maintained and used,â Lindeen said. âThis protection also extends to being notified if your information has been involved in a data breach.â
The Cybersecurity Consumer Protections document says people should:
- Know the types of personal information collected and stored by their insurance company, agent or any business it contracts with.
- Expect insurance companies to have a privacy policy posted on their websites and available in hard copy. It should explain what personal information insurance companies and agents collect, what choices customers have about their data, how customers can see and change or correct their data if needed, and how the data is stored and protected.
- Receive a notice from their insurance company, agent or any business they contract with if an unauthorized person has seen, stolen or used their personal information.
- Get at least one year of identity theft protection paid for by the company or agent involved in the data breach.
- Know their rights, and actions they should take, if someone steals their identity.
Those rights and actions are spelled out at the National Association of Insurance Commissioners website, naic.org.