NASCO, a healthcare technology provider of products and solutions for its health plan customers, is notifying certain individuals about a security incident that affected their personal information.
NASCO used a third-party software application, MOVEit Transfer by Progress Software (“MOVEit”), to exchange files. On May 30, 2023, NASCO experienced a data security incident in which an unauthorized third party acquired data from NASCO’s MOVEit instance. When NASCO learned of this issue on July 12, 2023, it promptly took steps to secure its systems, launched an investigation with the support of a leading cybersecurity firm, and notified law enforcement. NASCO is providing notice of this incident to certain affected individuals by letter and offering resources to help them protect their personal information.
Also Read: Demandbase One Available Now in AWS Marketplace
Data privacy and security are top priorities for NASCO, and the company takes the protection of personal information very seriously. Upon discovering the incident, NASCO promptly took steps to mitigate the risk to its customers and the affected personal information. NASCO encourages affected individuals to remain vigilant against incidents of identity theft and fraud and to review their account statements. U.S. residents are entitled to a free credit report annually. NASCO encourages affected individuals to monitor their free credit reports for suspicious activity and to detect errors. Affected individuals should also review benefits documents they receive from their health plan to confirm that they received the health care services described. NASCO has arranged to offer 24 months of identity monitoring services at no cost to affected individuals who receive a letter about this issue.
SOURCE: PRNewswire