DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Texas Medical Liability Trust updates its data breach notification; now provides notification on behalf of almost 60,000 individuals

Posted on September 12, 2023 by Dissent

In March, Texas Medical Liability Trust on behalf of itself and its affiliates, Texas Medical Insurance Company, Physicians Insurance Company, and Lone Star Alliance, Inc., a Risk Retention Group (collectively “TMLT”) filed a breach notification with the Maine Attorney General’s Office. That submission indicated that 625 individuals had been affected by a breach that occurred between October 2, 2022 and October 13, 2022.

On September 11, TMLT filed a second submission with Maine. This one indicated that they were reporting 59,901 individuals had been affected.

In its appended notification letter, TMLT did not change its initial report of what happened or when — the incident was still described as an unauthorized external actor accessing and, in some cases, acquiring data. There was nothing to suggest that there was any encryption or ransom demand involved.

In their first notification to the state, they wrote:

On January 13, 2023 notice was provided to the impacted policy holders. That notice provided the individuals associated with that policy that were potentially impacted, and offered to provide notice on the policy holders’ behalf to both individuals and regulators, as requested. This process is on-going. Based on policyholder responses at this time, we are providing notice to impacted individuals, which includes one (1) Maine resident. Written notice is being provided in substantially the same form as the letter attached here as Exhibit A. Notification to impacted individuals is ongoing and TMLT may supplement this notification if it is determined that a significant amount of additional Maine residents will receive notice.

Comparing the two notifications to Maine, the September 11 submission appears to simply be the result of more policyholders requesting TMLT provide notification on their behalf, although there is no indication as to who, exactly, those policyholders might be.

The types of information seem to vary by policyholder client. One notification template informed those affected that the information that could have been subject to unauthorized access included name, Social Security number, driver’s license number, and financial account information with access. Yet a notification letter sent to those whose data were being processed for medical malpractice claims services were told that the types of information involved included name, Social Security number, driver’s license number/government issued identification, financial account information, medical treatment and diagnosis information, and health insurance information.

How many of the almost 60,000 individuals were from that latter group is not specified and the incident has not appeared on HHS’s public breach tool so we do not know how many are patients. Nor do we know whether there will be additional supplemental reports over time, but it is hard to reconcile these disclosures with compliance with HIPAA’s 60-day notification rule.

 

No related posts.

Category: Breach IncidentsHackHealth DataU.S.

Post navigation

← Facebook Messenger phishing wave targets 100K business accounts per week
Conti member indicted for role in 2021 Scripps Health ransomware attack →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Texas Centers for Infectious Disease Associates Notifies Individuals of Data Breach in 2024
  • Battlefords Union Hospitals notifies patients of employee snooping in their records
  • Alert: Scattered Spider has added North American airline and transportation organizations to their target list
  • Northern Light Health patients affected by security incident at Compumedics; 10 healthcare entities affected
  • Privacy commissioner reviewing reported Ontario Health atHome data breach
  • CMS warns Medicare providers of fraud scheme
  • Ex-student charged with wave of cyber attacks on Sydney uni
  • Detaining Hackers Before the Crime? Tamil Nadu’s Supreme Court Approves Preventive Custody for Cyber Offenders
  • Potential Cyberattack Scrambles Columbia University Computer Systems
  • 222,000 customer records allegedly from Manhattan Parking Group leaked

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Germany Wants Apple, Google to Remove DeepSeek From Their App Stores
  • Supreme Court upholds Texas law requiring age verification on porn sites
  • Justices nix Medicaid ‘right’ to choose doctor, defunding Planned Parenthood in South Carolina
  • European Commission publishes its plan to enable more effective law enforcement access to data
  • Sacred Secrets: The Biblical Case for Privacy and Data Protection
  • Microsoft’s Departing Privacy Chief Calls for Regulator Outreach
  • Nestle USA Settles Suit Over Job-Application Medical Questions

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.