TMLT’s failure to adopt industry standard data protections as required by law places its customers at permanent risk of identity theft.
A Class Action Complaint was recently filed against Texas Medical Liability Trust (TMLT) following a second report from the Maine Attorney General that the company and its affiliates, Texas Medical Insurance Company, Physicians Insurance Company and Lone Star Alliance Inc., suffered a cyber security attack that affected 59,901 individuals.
According to the report, TMLT noticed suspicious activity within its IT environment on October 12, 2022. Steps were taken to secure its systems and third-party forensics specialists were engaged to investigate. They determined that an unauthorized actor had access to its environment between October 2, 2022, and October 13, 2022, and during that time, files containing protected health information may have been accessed that included –
- date of birth
- email address
- social Security numbers,
- EIN/Tax Identification numbers,
- state identification/driver’s license information,
- financial account information,
- medical treatment,
- diagnosis information,
- demographic information.
TMLT first advised the Maine Attorney General of the breach on March 21, 2023 but it took until August 18, 2023 to complete the review of the affected files. The company followed up with a second notice on September 11, 2023.
On each of these dates, the Texas Medical Liability Trust sent out data breach letters to the victims of the breach. These letters inform the victims of their stolen data and offer complimentary identity protection services.
How Did This Happen?
The lawsuit alleges that TMLT failed to implement adequate data security to protect and safeguard sensitive personal information as required by law.
TMLT had a legal obligation and duty under the Health Insurance Portability and Accountability Act (HIPPA) to apply industry standard data security on sensitive personal identifying/health information.
This cavalier attitude toward data security standards allowed hackers to exfiltrate patient data in unredacted and unencrypted format.
What Is TMLT Doing To Protect My Identity?
According to the lawsuit, TMLT has not offered any meaningful assistance to consumers and is only offering basic identity protection for one year. They have not offered or provided any fraud insurance in contrast to what is frequently made available to consumers in other data breaches.
Know Your Legal Rights.
If you were notified that your information had been stolen as a result of the Texas Medical Liability Trust data breach, you may be entitled to compensation or other remedies beyond what TMLT is offering.