"WebTPA Data Breach Impacts 2.4 million Insurance Policyholders"
The U.S. Department of Health and Human Services recently announced that the WebTPA Employer Services (WebTPA) data breach disclosed earlier this month impacts nearly 2.5 million individuals. Some of the impacted people are customers at large insurance companies. WebTPA is a GuideWell Mutual Holding Corporation subsidiary and a third-party administrator (TPA) that provides customized administrative services to health plans and insurance companies. WebTPA said the threat actor had access to personal data for five days between April 18 and April 23, 2023. However, WebTPA discovered the breach only in late December and immediately launched an investigation. WebTPA informed benefit plan providers and insurance companies of the data breach on March 25, 2024. The company sent notices to affected individuals on May 8, 2024, informing that the following types of data had been exposed: full names, contact information, dates of birth (and death where applicable), Social Security Numbers, and insurance information. The investigation revealed that financial account information, credit card numbers, medical treatment, and diagnostic information were not exposed to unauthorized access. Among the companies with customers affected by the WebTPA breach are Dean Health Plan, APA Voluntary Supplemental Medical Plan, The Hartford (Critical Illness, Hospital Indemnity, Accident, Medicare Supplement and Tricare products), Transamerica, and Gerber Life Insurance.
BleepingComputer reports: "WebTPA Data Breach Impacts 2.4 million Insurance Policyholders"