New West Notifying Affected Customers of Security Breach
HELENA, Mont. — Montana Insurance Commissioner Monica J. Lindeen’s office was notified by New West Health Services today of a security breach that may affect the personal information of 25,000 past and present New West customers.
“New West is mailing letters to affected customers today,” said Lindeen. “I urge those customers to take steps to protect themselves.”
Lindeen served as President of the National Association of Insurance Commissioners in 2015 and was instrumental in implementing a Cybersecurity Consumer Protections document as a member of the Cybersecurity Task Force.
“When you purchase insurance, you have the right to know how your personal information is being collected, maintained and used,” said Commissioner Lindeen. “This protection also extends to being notified if your information has been involved in a data breach.”
The NAIC Cybersecurity Consumer Protections document includes the following:
- Know the types of personal information are collected and stored by your insurance company, agent or any business it contracts with.
- Expect your insurance company, agent or any business it contracts with to take reasonable steps to keep unauthorized persons from seeing, stealing or using your personal information.
- Get a notice from your insurance company, agent or any business it contracts with if an unauthorized person has seen, stolen or used your personal information. This is called a data breach. This notice should:
— Be sent in writing by first-class mail or by e-mail if you have agreed to that.
— Be sent soon after a data breach and never more than 60 days after a data breach is discovered.
— Describe the type of information involved in a data breach and the steps you can take to protect yourself from identity theft or fraud.
— Describe the action(s) the insurance company, agent or business it contracts with has taken to keep your personal information safe.
— Include contact information for the three nationwide credit bureaus.
— Include contact information for the company or agent involved in a data breach.
- Get at least one year of identity theft protection paid for by the company or agent involved in a data breach.
- If someone steals your identity, you have a right to:
— Put a 90-day initial fraud alert on your credit reports. (The first credit bureau you contact will alert the other two.)
— Put a seven-year extended fraud alert on your credit reports.
— Put a credit freeze on your credit report.
— Get a free copy of your credit report from each credit bureau.
— Get fraudulent information related to the data breach removed (or “blocked”) from your credit reports.
— Dispute fraudulent or wrong information on your credit reports.
— Stop creditors and debt collectors from reporting fraudulent accounts related to the data breach.
— Get copies of documents related to the identity theft.
— Stop a debt collector from contacting you.
You can read the Cybersecurity Consumer Protection document here.
New West is offering one year of complimentary credit monitoring and identity protection services to those individuals whose Social Security numbers were compromised.
If you have questions about your rights as an insurance customer, please contact the Policy Holder Services Division at the Montana State Auditor’s Office at 1-800-332-6148.