A view of The Health Plan’s building in Wheeling.

WHEELING — The Health Plan on Friday evening announced that United Bank, which provides financial services for the company, informed it of a data breach that occurred in May that could affect The Health Plan customers.

The incident, according to a news release from The Health Plan, involved the compromise of a software product called MOVEit that is used by thousands of organizations around the world to transfer electronic data files. The MOVEit security compromise has been widely reported in the media and has affected many companies.

On June 13, The Health Plan was notified by United Bank that, on May 30, an unauthorized third party obtained certain electronic records of recent premium payment and premium payment coupons from United Bank by exploiting a previously unknown vulnerability in MOVEit software. United Bank has assured The Health Plan that upon discovery, United Bank took prompt action to mitigate the impact of the security incident.

That included taking the MOVEit server offline, promptly applying all recommended remediation measures, and launching an investigation, including with external security experts, to identify any impact on United Bank’s customers.

The impacted electronic records related to a period of approximately two weeks in May 2023 and included one or more of the following data elements: name, address, phone number, health plan identification number, group number, and an image of the premium payment. The incident did not involve any passwords related to bank accounts. Members impacted by the incident are receiving notice via mail.

The Health Plan has arranged with United Bank for impacted members to receive credit monitoring for one year from Equifax at no cost to the members.

“We commend United Bank’s prompt response and swift action to this security incident,” said Jeff Knight, president and CEO of The Health Plan. “Its commitment to mitigating risks is instrumental in safeguarding our members’ sensitive information.

“We want our members to know that protecting their privacy and personal information is paramount to our team,” he added. “We encourage members who have questions relating to this incident to call our dedicated hotline at 844-825-0290.”