Cyber Incident Victim: Three Rivers Provider Network
Date:
Oct 2022
Location:
United States of America
Summary
Three Rivers Provider Network experienced a data breach when an unauthorized party accessed an employee's email account, compromising sensitive consumer information including names, dates of birth, addresses, Social Security numbers, passport numbers, driver’s license or state ID details, and health data. The organization secured the affected account, confirmed the exposure through an investigation, and notified impacted individuals via mailed communications. TRPN, a Nevada-based insurance network serving millions through extensive healthcare facilities, addressed the incident by reviewing compromised files to identify affected parties and the scope of exposed personal information.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 0 motives | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On June 3, 2022, Three Rivers Provider Network (TRPN) identified unauthorized access to a single employee’s email account, prompting immediate security measures to isolate the compromised account and initiate an internal investigation. The Las Vegas-based insurance provider, which maintains a network of over 4.3 million provider locations and generates approximately $111 million annually, engaged forensic experts to determine the intrusion’s scope and potential data exposure. By August 17, 2022, TRPN’s investigation confirmed that the unauthorized party accessed sensitive consumer information stored within the email account. The compromised data included personally identifiable information such as names, dates of birth, addresses, Social Security numbers, passport numbers, and driver’s license or state-issued ID numbers, alongside health-related information. TRPN subsequently conducted a manual review of the affected files to catalog the specific data types exposed and identify impacted individuals, a process that extended over two months following the breach confirmation.
TRPN formally notified the Vermont Attorney General’s Office of the breach on October 31, 2022, coinciding with the distribution of individualized data breach letters to affected consumers. These letters detailed the categories of exposed information and provided guidance on mitigating identity theft risks, though the total number of impacted individuals remained undisclosed in public filings. The breach originated solely from the email account compromise, with no evidence of broader network infiltration or additional compromised systems beyond the initial point of entry. As a provider servicing thousands of hospitals and ancillary healthcare facilities, the incident exposed sensitive health and identification data, elevating risks of fraud and medical identity theft for victims. TRPN’s public disclosure emphasized containment of the breach to the single email account and completion of the consumer notification process, with no reported regulatory penalties or legal actions referenced in the available documentation at the time of reporting.