The HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

NationsBenefits Holdings Confirms 3 Million Record Data Breach

NationsBenefits Holdings, LLC, a provider of supplemental benefits, flex cards, and member engagement solutions to health plans and managed care organizations, has confirmed that it was affected by the security breach involving Fortra’s GoAnywhere MFT file transfer solution. The hackers behind the attack – the Clop ransomware group – gained access to NationsBenefits data on January 30, 2023, and exfiltrated that information from the GoAnywhere MFT solution. A ransom demand was issued, with payment required to prevent publication of the stolen data. NationsBenefits was one of 130 organizations to have data stolen in the attacks.

The Clop group exploited a previously unknown (zero-day) vulnerability in the GoAnywhere MFT solution, which allowed them to access and steal data from vulnerable on-premises MFT servers. NationsBenefits Holdings said the Clop group was only able to access two MFT servers; however, a review of the files on those servers revealed they contained the protected health information of 3,037,303 members of health plans including, but not limited to, Aetna ACE, Elevance Health Flexible Benefit Plan, and UAW Retiree Medical Benefits Trust. The compromised information included first and last name, address, phone number, date of birth, gender, health plan subscriber ID number, Social Security number, and/or Medicare number.

Other healthcare organizations known to have been affected include Community Health Systems (1 million individuals) and Brightline (at least 964,300 individuals); however, NationsBenefits is the worst-affected healthcare entity identified so far. Overall, more than 4 million individuals had their protected health information stolen in these attacks. NationsBenefits said it learned of the security breach when its security monitoring team received an alert from one of its MFT servers at 16:02 on February 7, 2023, indicating unauthorized access. Fortra was contacted and asked to assist with the investigation, and the initial review confirmed that the MFT server had been accessed and data had been stolen. The subsequent internal investigation confirmed that the threat actor did not move laterally to other NationsBenefits systems or applications.

NationsBenefits confirmed that layered security controls were in place before the attack, but said its security measures have since been strengthened. NationsBenefits has taken its MFT servers permanently offline and has transitioned to an alternative file transfer solution that does not rely on Fortra software. Notification letters began to be mailed to affected individuals on April 13, 2023, and complimentary credit monitoring services have been offered for 24 months.


Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com
