Skip to Main Content

News

Choice Health Security Incident

Date: 10/06/22

Choice Health, a provider of insurance brokerage services, recently experienced a data security incident involving one of its customer relationship systems, after a service provider, Boru, Inc. (“Boru”), failed to properly configure the security settings for the database. This may have resulted in unauthorized access to the personal information of certain policy holders. 

On May 14, 2022, Choice Health learned an unauthorized actor, unaffiliated with Choice Health, had accessed and obtained data from one of its online databases on May 7, 2022.  Although the information varied from individual-to-individual, the unauthorized actor may have been able to access policy holder: first and last name, Social Security number; Medicare beneficiary identification number; date of birth; address and contact information; and health insurance information. 

Choice Health investigated the unauthorized access and determined that the unauthorized actor was able to gain access to the database in question because Boru had failed to properly configure the security settings for the database. Choice Health is in the process of notifying the affected individuals of this incident. 

In response to this incident, Choice Health worked with Boru to reconfigure the security settings on the database. Choice Health has also taken additional steps to enhance its data security measures to prevent the occurrence of a similar event in the future, including by requiring multi-factor authentication for all access to database files.

Choice Health encourages affected individuals to remain vigilant for identity theft by regularly reviewing their account statements, explanations of benefits from their health insurer, and to monitor other accounts closely. 

For additional information, please contact 1-800-941-2227.