swidup
commented
5 months ago https://www.hipaajournal.com/benefytt-emsa-lindsay-municipal-hospital-affected-by-cyberattacks/
"Health Plan Intermediaries Holdings, which operates as Benefytt, has recently confirmed that it was affected by a data breach at a business associate of its vendor, Multiplan Inc. Multiplan used the law firm, Orrick, Herrington & Sutcliffe, LLP, which suffered a ransomware attack. Benefytt said its systems and those of Multiplan were unaffected; however, data provided to the law firm to perform its contracted duties was exposed and potentially compromised. The cyberattack was detected on March 13, 2023, and on March 10, 2023, Orrick, Herrington & Sutcliffe confirmed that files containing sensitive data had been stolen. Benefytt said neither MultiPlan nor Orrick could determine which health insurance plans were affected, and that it has been working with the two firms to obtain the necessary information to issue notifications.
Benefytt said it is notifying all affected individuals and is offering them complimentary credit monitoring services. Orrick, Herrington & Sutcliffe reported the breach to the HHS’ Office for Civil Rights on June 30, 2023, as affecting 40,823 individuals; however, the total was revised upwards to 152,818 individuals, and the notification to the Maine attorney General in December 2023 states that 637,620 individuals were affected. It is currently unclear how many Multiplan/Benefytt health plan members have been affected."
https://techcrunch.com/2024/01/04/orrick-law-firm-data-breach/