A Texas-based health plan administration services firm, WebTPA, is informing over 2.4 million people about a data breach detected in December, involving a network server and personal information stolen between April 18 and April 23, 2023. The firm reported the incident to the US Department of Health and Human Services and engaged third-party cybersecurity experts to investigate
The compromised data includes names, contact details, birthdates, Social Security numbers, and more, with affected individuals offered two years of identity and credit monitoring services. Financial and treatment information were reportedly not compromised. This breach underscores the challenges organizations face in incident response and breach analysis, as there was a considerable time lapse between detecting suspicious activity and confirming data theft, involving stolen PHI. The breach is among the largest posted on the HHS Office for Civil Rights' HIPAA Breach Reporting Tool in 2024, highlighting the ongoing threat to health data and the importance of robust cybersecurity measures in the healthcare sector. ```https://www.bankinfosecurity.com/health-plan-services-firm-notifying-24-million-phi-theft-a-25267