WebTPA healthcare data breach affects 2.4M individuals

More than 2.4 million individuals were affected by a healthcare data breach that occurred at WebTPA Employer Services, a third-party administrator that processes health plan claims.

WebTPA detected suspicious activity on its network in December 2023 and launched an investigation with the help of law enforcement and third-party cybersecurity experts. The investigation revealed that an unauthorized party had obtained personal information from WebTPA’s systems between April 18 and April 23, 2023.

WebTPA said that it promptly notified benefit plans and insurance companies of the incident. However, the extent of the affected data was not confirmed until March 25, 2024.

The information involved in the breach may have included names, dates of birth, dates of death, Social Security numbers, contact information, and insurance information.

WebTPA did not explain in its notice why it took a full year to determine the impact of the incident. It offered identity monitoring services to impacted individuals and deployed security tools to strengthen its security posture after the breach.

The company is already facing seven proposed class action lawsuits over the breach, Bloomberg Law reported. The lawsuits allege that WebTPA failed to implement reasonable data security measures as required by HIPAA. Plaintiffs also took issue with the delayed breach notification.