Medical insurance info of 954K affected by vendor data breach

More than 950,000 individuals potentially had their medical insurance data exposed due to a vendor data breach caused by a ransomware attack. The breach originated at Young Consulting, an Atlanta-based software company that develops integrated software solutions for the underwriting, marketing and administering of medical stop-loss insurance.

According to a breach notice provided to Maine's office of the attorney general, Young Consulting experienced technical difficulties within its computer environment on April 13, 2024. Further investigation determined that an unauthorized actor gained access to Young Consulting's network between April 10 and April 13 and downloaded copies of certain files.

The information involved in the breach varied by individual but included names, dates of birth, Social Security numbers and insurance policy and claim information. Blue Shield of California also notified patients of the Young Consulting breach and directed affected patients to view Young Consulting's breach notice for more information.

BlackSuit ransomware group claimed responsibility for the ransomware attack that resulted in the data breach. The HHS Health Sector Cybersecurity Coordination Center (HC3) issued an analyst note regarding BlackSuit in November 2023, warning its audience that the group "will likely be a credible threat" to the healthcare sector.

The Cybersecurity and Infrastructure Security Agency (CISA) warned defenders that BlackSuit is a rebrand of Royal, a variant that was also used against the healthcare sector in 2022 and 2023. CISA's August 2024 updated alert regarding BlackSuit noted that BlackSuit shares numerous coding similarities with Royal and has demonstrated improved capabilities.

CISA encouraged defenders to prioritize remediating known vulnerabilities, enable multifactor authentication, and train users to recognize and report phishing attempts.

Young Consulting said it took immediate steps to secure its environment upon discovery of the incident and encouraged affected individuals to take advantage of complimentary credit monitoring and identity theft restoration services.

Jill McKeon has covered healthcare cybersecurity and privacy news since 2021.