Posted On May 3, 2023 Consumer Privacy & Data Breaches
May 3 – After discovering that sensitive customer data in its possession had been compromised by malware, HealthPlan Services, Inc. (HPS) notified the Attorney General of Maine on April 28, 2023. According to the company’s report, the breach exposed consumers’ names, dates of birth, Social Security numbers, identifying information, bank account information, and health and medical insurance information. After it was determined that customer information had been compromised, HPS immediately began notifying those whose personal information had been compromised.
Knowing what is at stake in the event of a data breach notice is essential. Console & Associates, P.C., data breach lawyers, are looking into the HealthPlan Services data breach on behalf of people whose information was exposed. As part of our investigation, we are providing free consultations to anybody who was affected by the breach and is interested in learning more about the risks of identity theft, countermeasures to take, and possible legal remedies against HPS.
HealthPlan Services, Inc. is a business services provider that targets the insurance and managed care sectors with retention, service, technological solutions, and sales. In 2016, Wipro, a multinational provider of IT and consulting services headquartered in Bengaluru, Karnataka, India, purchased HealthPlan Services, a Tampa, Florida-based organization. HealthPlan Services began operations in 1970, and today it employs over 786 individuals and has an annual revenue of over $148 million.
According to a report filed with the Maine Attorney General’s Office, HPS discovered it had been the target of a malware assault on June 23, 2022. Although HPS has not disclosed how it learned of the incident, it has since notified law enforcement and launched an investigation to ascertain whether or not any customer data was compromised.
The HPS investigation established that someone outside the corporation had infiltrated its computer network. Later, it was discovered that the unauthorized party had accessed files containing private consumer information.
HealthPlan Services immediately began reviewing the hacked files to ascertain the nature of the data leak and the number of consumers. The data that may have been compromised includes, but is not limited to, names, dates of birth, Social Security numbers, identity information, bank account information, and health and medical insurance information.
HealthPlan Services notified anyone whose personal information was exposed as a result of the security incident via letters dated April 28, 2023.
The consumer privacy lawyers at Console & Associates, P.C. help customers affected by data and security breaches pursue legal solutions by offering free consultations. By explaining your rights in clear, concise terms, we help you make an informed decision about your next steps. If you are a victim of the HealthPlan Services, Inc. data breach, Console & Associates, P.C. will investigate at no charge to you and offer advice on how to proceed. If you decide to pursue a case, rest assured that we don’t get paid unless you do. If your claim is successful, legal fees are either paid out of the funds recovered or by the defendant. If your claim is not successful, you pay nothing.
Below is a portion of the letter sent to affected individuals:
We are writing with important information regarding a data security incident that occurred at HealthPlan Services Inc. (“HPS”). HPS provides certain technology-based services for , which requires access to and storage of certain individual information. The privacy and security of the information we maintain is of the utmost importance to HPS. We wanted to provide you with information about the incident and let you know that we continue to take significant measures to protect your information.
What Happened? HPS detected that some elements within our network had been affected by malware and, as a result, an unauthorized party accessed and/or acquired certain files or folders from portions of our network on June 23, 2022.
What We Are Doing. Upon detecting the incident that same day, HPS commenced an immediate and thorough investigation, contained the network, and alerted law enforcement. As part of our investigation, HPS engaged leading cybersecurity professionals to identify the extent of the activity and what, if any, members’ personal information may have been accessed and/or acquired by the unauthorized party. After a thorough and detailed forensic investigation and comprehensive manual document review, on [Redacted] HPS determined that certain personal information may have been acquired in the incident. HPS subsequently moved to notify you about this incident and provide you with information to protect your personal and/or health information. Notification of the incident was not delayed as a result of a law enforcement investigation.
HPS values your privacy and deeply regrets that this incident has occurred. We take the security of your information very seriously and have taken many precautions to safeguard it. We continually evaluate and modify our practices to enhance the security and privacy of your information. Since detecting the incident, we have reviewed and revised our information security practices, provided additional training to employees, and implemented additional security measures to mitigate the chance of a similar event in the future.
What Information Was Involved? The information potentially involved includes your full name and, [Redacted].
What You Can Do. To protect you from the potential misuse of your information, we are offering identity theft protection services through IDX, A ZeroFox Company, the data breach recovery services expert. IDX identity protection services include: 24 months of credit and CyberScan monitoring, a $1,000,000 insurance reimbursement policy, and fully managed ID theft recovery services. With this protection, IDX will help you resolve issues if your identity is compromised. For more information on identity theft prevention and IDX identity protection services including instructions on how to activate your complimentary 24-month membership, please see the additional information provided in this letter. This letter also provides other precautionary measures you can take to protect your information, including placing a fraud alert and/or security freeze on your credit files, and/or obtaining a free credit report. Additionally, you should always remain vigilant in reviewing your financial account statements and credit reports for fraudulent or irregular activity on a regular basis.
For More Information. If you have any further questions regarding this incident, please call our dedicated and confidential toll-free response line that we have established to respond to questions surrounding the incident at . This response line is staffed with professionals familiar with this incident and knowledgeable on what you can do to protect against misuse of your information. The response line is available Monday through Friday, from 9AM to 9PM Eastern Time, excluding holidays.