The WebTPA Employer Companies (WebTPA) data breach disclosed earlier this month is impacting near 2.5 million people, the U.S. Division of Well being and Human Companies notes.
A number of the impacted persons are clients at giant insurance coverage corporations resembling The Hartford, Transamerica, and Gerber Life Insurance coverage.
WebTPA is a GuideWell Mutual Holding Company subsidiary and a third-party administrator (TPA) that gives personalized administrative providers to well being plans and insurance coverage corporations. It employs 18,000 folks and generates $103 million in annual income.
The breach occurred final 12 months however it was found final December, when the corporate discovered proof of suspicious exercise on its community.
A current replace on the U.S. Division of Well being and Human Companies data breach portal reveals that the variety of affected people is 2,429,175.
In keeping with the notification on WebTPA’s web site, the menace actor had entry to non-public knowledge for 5 days, between April 18 and April 23, 2023. Nonetheless, WebTPA found the breach solely in late December and instantly launched an investigation.
“On December 28, 2023, we detected proof of suspicious exercise on the WebTPA community that prompted us to launch an investigation,” reads the announcement.
“The investigation concluded that the unauthorized actor could have obtained private info between April 18 and April 23, 2023,” WebTPA notes.
WebTPA knowledgeable profit plan suppliers and insurance coverage corporations of the data breach on March 25, 2024. The corporate despatched notices to affected people on Could 8, 2024, informing that the next forms of knowledge had been uncovered:
- Full title
- Contact info
- Date of beginning (and dying the place relevant)
- Social Safety Quantity (SSN)
- Insurance coverage info
The investigation revealed that monetary account info, bank card numbers, medical remedy, and diagnostic info haven’t been uncovered to unauthorized entry.
A number of well being plan and insurance coverage organizations have revealed notifications saying that the WebTPA data breach has impacted a few of their clients.
Among the many corporations with clients affected by the WebTPA breach are Dean Well being Plan, APA Voluntary Supplemental Medical Plan, The Hartford (Crucial Sickness, Hospital Indemnity, Accident, Medicare Complement and Tricare merchandise), Transamerica, and Gerber Life Insurance coverage.
Within the data breach notification, WebTPA has included directions on how you can enroll for 2 years of credit score monitoring, identification theft safety, and fraud session providers by Kroll, which is feasible till August 1st.
Though WebTPA says it’s not conscious of any instances of misuse of the uncovered knowledge, affected people ought to stay vigilant for communications from potential fraudsters and chorus from sharing any private or monetary info in such instances.
It is usually advisable to overview credit score experiences rigorously and contemplate putting a security freeze on credit score information to mitigate fraud dangers.
