NASCO, a third-party provider of benefits administration services to health plans, used a third-party software application, MOVEit Transfer by Progress Software (“MOVEit”), to exchange files. On May 30, 2023, NASCO experienced a data security incident, due to a previously unknown vulnerability in MOVEit, in which a threat actor acquired data from NASCO’s MOVEit server. When NASCO learned of this incident on July 12, 2023, it promptly took steps to secure its systems, notified law enforcement authorities, and launched an investigation that found that some of the acquired files contained the personal information of certain health plan members. NASCO is providing notification to impacted individuals and offering them 24 months of complimentary enrollment in Experian®’s identity monitoring services.
The type of provider data impacted in this incident varies by individual and may include provider name, provider ID, including NPI, TIN/SSN, and/or legacy number.
NASCO takes the protection of personal information seriously as data privacy and security are among its highest priorities. Upon discovering the incident, it promptly took steps to mitigate the risk to its customers and personal information. They encourage affected individuals to enroll in the complimentary identity monitoring services, to remain vigilant against incidents of identity theft and fraud, to review their account statements, and to monitor their free credit reports for suspicious activity and to detect errors. Affected individuals should also review benefits documents that they receive from their heath plan to confirm that they received the health care services described.
If you are an impacted health plan provider with questions about the incident or how to enroll in Experian®' identity monitoring services, call 1-855-873-7643, Monday through Friday between 9:00 a.m. and 11:00 p.m., and Saturday and Sunday between 11:00 a.m. and 8:00 p.m. Eastern Time, excluding major U.S. holidays.
We apologize for any inconvenience or concern this may cause. NASCO takes security very seriously, and protecting your information is among its highest priorities. NASCO has applied additional safeguards within its environment to further enhance threat prevention.