The WebTPA Employer Services data breach disclosed earlier this month is impacting close to 2.5 million individuals, the U.S. Department of Health and Human Services notes.
Some of the impacted people are customers at large insurance companies such as The Hartford, Transamerica, and Gerber Life Insurance.
WebTPA is a GuideWell Mutual Holding Corporation subsidiary and a third-party administrator that provides customized administrative services to health plans and insurance companies.
It employs 18,000 people and generates $103 million in annual revenue.
The breach happened last year but it was discovered last December, when the company found evidence of suspicious activity on its network.
A recent update on the U.S. Department of Health and Human Services data breach portal shows that the number of affected individuals is 2,429,175.
According to the notification on WebTPA's website, the threat actor had access to personal data for five days, between April 18 and April 23, 2023.
WebTPA discovered the breach only in late December and immediately launched an investigation.
WebTPA informed benefit plan providers and insurance companies of the data breach on March 25, 2024.
The investigation revealed that financial account information, credit card numbers, medical treatment, and diagnostic information have not been exposed to unauthorized access.
Multiple health plan and insurance organizations have published notifications saying that the WebTPA data breach has impacted some of their customers.
In the data breach notification, WebTPA has included instructions on how to enroll for two years of credit monitoring, identity theft protection, and fraud consultation services through Kroll, which is possible until August 1st. Although WebTPA says it's not aware of any cases of misuse of the exposed data, affected individuals should remain vigilant for communications from potential fraudsters and refrain from sharing any personal or financial information in such cases.
It is also advisable to review credit reports carefully and consider placing a security freeze on credit files to mitigate fraud risks.
MediSecure e-script firm hit by 'large-scale' ransomware data breach.
Kaiser Permanente: Data breach may impact 13.4 million patients.
Banco Santander warns of a data breach exposing customer info.
Singing River Health System: Data of 895,000 stolen in ransomware attack.
DocGo discloses cyberattack after hackers steal patient health data.
This Cyber News was published on www.bleepingcomputer.com. Publication date: Fri, 17 May 2024 14:45:31 +0000