Horizon Actuarial Services and the Clinic of North Texas have just announced breaches of the protected health information (PHI) of patients and plan members.
Data Theft and Extortion Incident at Horizon Actuarial Services
Horizon Actuarial Services (HAS) has lately reported a security breach and the theft of the personal information of members of benefits plans to whom it offers technical and actuarial consulting services, such as the Major League Baseball Players Benefit Plan and also the Local 295 IBT Employer Group Welfare Fund.
HAS stated that on November 12, 2021, it was given an email from a cyber actor claiming the theft of the personal data of plan members stored in its computer servers. HAS immediately took steps to protect its servers to avoid any further unauthorized access, and engaged a computer forensics company to investigate the possible security breach and know the legitimacy of the email.
HAS affirmed that two servers were accessed from November 10 to 11, 2021, and files that contain names, birth dates, Social Security numbers, and health plan details were exfiltrated. HAS stated it made a deal with the threat actors. The stolen information would be deleted and wouldn’t be disclosed or misused after paying the ransom.
HAS stated it informed the affected plans regarding the breach. Notification letters were mailed to impacted people starting on March 9, 2022. Complimentary credit monitoring, fraud and identity theft support services were provided to affected persons.
A few impacted plans opted to self-report the incident. Horizon Actuarial Services breach report stated the breach affected 38,418 people. The Major League Baseball Players Benefit Plan reported the breach separately and claimed that 13,156 persons were impacted. The Local 295 IBT Employer Group Welfare Fund stated that 6,123 individuals were affected.
HAS mentioned it is checking its security policies and has imposed extra measures to secure against identical incidents in the future.
Clinic of North Texas Suffered Cyberattack in November 2021
Clinic of North Texas located in Wichita Falls has recently reported it suffered a cyberattack on or around November 9, 2021, and hackers acquired access to patient information kept on its systems. A third-party computer forensics agency investigated the incident to figure out the nature and scope of the breach, and if patient files were stolen during the attack.
The investigation revealed the hackers obtained access to a system folder that included files with patient names, dates of birth, addresses, and limited health data. Clinic of North Texas mentioned it took a number of steps because of the breach, which includes altering all administrator passwords, employing two-factor authentication, and deploying endpoint detection, response, and threat hunting tools. Affected people received complimentary memberships to a credit monitoring service.
The incident is not yet posted on the HHS’ Office for Civil Rights breach website and so it is currently unclear how many persons were impacted.