On October 31, 2022, Three Rivers Provider Network (“TRPN”) submitted notice of a data breach to the Vermont Attorney General after the company determined that an unauthorized party was able to access an employee’s email account containing sensitive information belonging to certain individuals. According to TRPN, the breach resulted in the names, dates of birth, addresses, Social Security numbers, passport numbers, driver’s license or state-issued ID numbers, and health information being compromised. Recently, TRPN sent out data breach letters to all affected parties, informing them of the incident and what they can do to protect themselves from identity theft and other frauds.
Given the recent Three Rivers Provider Network data breach, an untold number of individuals are facing the very real threat of identity theft. However, as we’ve discussed in a previous post, victims of a breach don’t need to take a “wait and see” approach, nor should they. If you received a data breach notice from TRPN, you have options, and it’s important you understand what they are—both in terms of protecting yourself and holding the responsible parties accountable.
Details About the Three Rivers Provider Network Data Breach
The available information regarding the Three Rivers Provider Network breach comes from the company’s filing with the Office of the Vermont Attorney General as well as notice provided on the TRPN website. According to these sources, on June 3, 2022, TRPN learned that an unauthorized party had gained access to a single employee’s email account. In response, the company secured the affected account and launched an investigation to determine the nature and scope of the incident, as well as what, if any, consumer data was compromised.
On August 17, 2022, the company’s investigation confirmed that sensitive information belonging to certain individuals was among the data accessible to the unauthorized party through the compromised email account.
Upon discovering that sensitive consumer data was made available to an unauthorized party, Three Rivers Provider Network began to review the affected files to determine what information was compromised and which consumers were impacted. While the breached information varies depending on the individual, it may include your name, date of birth, address, Social Security number, passport number, driver’s license or state-issued ID number, and health information
On October 31, 2022, Three Rivers Provider Network sent out data breach letters to all individuals whose information was compromised as a result of the recent data security incident.
Founded in 1996, Three Rivers Provider Network is a proprietary provider of insurance coverage based in Las Vegas, Nevada. The company has a network of more than 4.3 million provider locations, including than 5,000 hospitals and 75,000 ancillary facilities such as acute care hospitals, surgery centers, network physicians, MRI centers, laboratories, radiology practices, urgent care clinics, home health providers, DME, chiropractors, physical therapists, and mental health providers. Three Rivers Provider Network employs more than 106 people and generates approximately $111 million in annual revenue.