ATLANTA, Oct. 27, 2023 /PRNewswire/ — NASCO, a healthcare technology provider of products and solutions for its health plan customers, is notifying certain individuals about a security incident that affected their personal information.
NASCO used a third-party software application, MOVEit Transfer by Progress Software (“MOVEit”), to exchange files. On May 30, 2023, NASCO experienced a data security incident in which an unauthorized third party acquired data from NASCO’s MOVEit instance. When NASCO learned of this issue on July 12, 2023, it promptly took steps to secure its systems, launched an investigation with the support of a leading cybersecurity firm, and notified law enforcement. NASCO is providing notice of this incident to certain affected individuals by letter and offering resources to help them protect their personal information.
The affected information included name, demographic information (including address, phone number, gender, date of birth), health insurance number, claim information, medical ID number, date of service, medical information (such as diagnosis information), medical device or product purchased and provider/caregiver name. Some data also included Social Security numbers. The affected personal information varies by individual.
Data privacy and security are top priorities for NASCO, and the company takes the protection of personal information very seriously. Upon discovering the incident, NASCO promptly took steps to mitigate the risk to its customers and the affected personal information. NASCO encourages affected individuals to remain vigilant against incidents of identity theft and fraud and to review their account statements. U.S. residents are entitled to a free credit report annually, which can be obtained by visiting www.annualcreditreport.com or by calling (877) 322-8228. NASCO encourages affected individuals to monitor their free credit reports for suspicious activity and to detect errors. Affected individuals should also review benefits documents they receive from their health plan to confirm that they received the health care services described. NASCO has arranged to offer 24 months of identity monitoring services at no cost to affected individuals who receive a letter about this issue.
NASCO continually works to enhance the security of its systems and mitigate risk. CEO and President John Ladaga stated, “NASCO takes the security of data very seriously and promptly went to work to conduct an investigation. This incident had no impact to the stability, availability and integrity of the products that NASCO hosts and runs for customers.”
NASCO has established a dedicated toll-free telephone number for affected individuals who may have questions or who would like additional information about this issue. The toll-free number is 855-873-7643 and is available Monday through Friday between 9:00 a.m. and 11:00 p.m., and Saturday and Sunday between 11:00 am and 8:00 pm Eastern Time, excluding major U.S. holidays.
About NASCOThe Atlanta-based company delivers a robust portfolio of premier healthcare technology products, solutions and services that are helping health plans empower the future healthcare ecosystem. To learn more, visit NASCO.com
SOURCE NASCO