NationsBenefits Holdings Confirms 3 Million Document Information Breach

Posted By HIPAA Journal on Might 8, 2023

NationsBenefits Holdings, LLC, a supplier of supplemental advantages, flex playing cards, and member engagement options to well being plans and managed care organizations, has confirmed that it has been affected by a safety breach involving Fortra’s GoAnywhere MFT file switch resolution. The hackers behind the assault – the Clop ransomware group – gained entry to NationsBenefits information on January 30, 2023, and exfiltrated that data from the GoAnywhere MFT resolution. A ransom demand was issued, cost of which was required to stop the publication of the stolen information. NationsBenefits was on of 130 organizations to have information stolen within the assaults.

The Clop group exploited a beforehand unknown (zero-day) vulnerability within the GoAnywhere MFT resolution, which allowed them to entry and steal information from susceptible on-premises MFT servers. NationsBenefits Holdings stated the Clop group was solely capable of entry two MFT servers; nevertheless, a overview of the recordsdata on these servers revealed they contained the protected well being data of three,037,303 well being plan members, together with, however not restricted to, Aetna ACE, Elevance Well being Versatile Profit Plan, and UAW Retiree Medical Advantages Belief. The compromised data included: first and final title, deal with, cellphone quantity, date of delivery, gender, well being plan subscriber ID quantity, Social Safety quantity, and/or Medicare quantity.

Different healthcare organizations recognized to have been affected embody Neighborhood Well being Techniques (1 million people) and Brightline (at the very least 964,300 people); nevertheless, NationsBenefits is at present the worst affected healthcare entity. General, greater than 4 million people had their protected well being data stolen in these assaults. NationsBenefits stated it discovered concerning the safety breach when its safety monitoring group acquired an alert from certainly one of its MFT servers at 16:02 on February 7, 2023, indicating unauthorized entry. Fortra was contacted and requested to help with the investigation, with the preliminary overview confirming that the MFT server had been accessed and information had been stolen. The next inner investigation confirmed that the risk actor didn’t transfer laterally to different NationsBenefits techniques or purposes.

NationsBenefits confirmed that previous to the assault layered safety controls have been already in place, however stated safety measures have since been strengthened. NationsBenefits has taken its MFT servers completely offline and has transitioned to an alternate file switch resolution that doesn’t depend on Fortra software program. Notification letters began to be mailed to affected people on April 13, 2023. Complimentary credit score monitoring providers have been supplied for twenty-four months.