A settlement has been reached in a class action lawsuit about a data incident that occurred on October 5, 2021, which potentially exposed personally identifiable information (“PII”) and/or protected health information (“PHI”) of True Health New Mexico, Inc. (“True Health”), customers and employees (the “Incident”).
A phishing attack occurred on October 5, 2021, and this attack may have resulted in cyber criminals accessing and obtaining the PII/PHI of True Health’s customers and employees. The Plaintiffs allege that the PII/PHI of True Health customers and employees was potentially impacted by the Incident. The potentially compromised PII and PHI includes name, date of birth, medical record or patient account number, and limited treatment and/or clinical information, such as diagnosis, medications, provider, type of treatment, and treatment location. The Plaintiffs allege that True Health did not take appropriate care to protect customers and employees from the Incident.
True Health denies all of the Plaintiffs’ claims and maintains it did not do anything wrong.
The Settlement includes all persons to whom True Health sent notification that their PII and/or PHI may have been or was exposed to unauthorized third parties as a result of the Incident.
The Settlement provides payments to people who submit valid Claims for out-of-pocket expenses and lost time that were incurred and plausibly arose as a result of the Incident, and for other extraordinary unreimbursed monetary losses and lost time.
The Settlement also includes two years of three-bureau credit monitoring and identity theft insurance through Equifax. You must submit a Claim to receive this benefit.
The Court in charge of this case still must decide whether to grant final approval of the Settlement. Payments and credit monitoring will only be made or permitted after the Court grants final approval of the Settlement and after any appeals are resolved.