New Era Life Insurance Companies Data Breach Impacts 335K Individuals
A major data breach has been announced by New Era Life Insurance Companies that involved the protected health information of more than 335,000 individuals. Data breaches have also been announced by Pacific Rehabilitation Centers, Artistic Family Dental, and DuPage County Health Department.
New Era Life Insurance Companies
New Era Life Insurance Companies, which include New Era Life Insurance Company, New Era Life Insurance Company of the Midwest, and Philadelphia American Life Insurance Company, have reported a major data breach to the HHS’ Office for Civil Rights that involved the protected health information of 335,506 individuals.
Suspicious activity was identified within its computer systems on December 18, 2024, and immediate action was taken to isolate the affected systems to contain the attack. Third party cybersecurity experts were engaged to investigate the activity and confirmed that certain systems had been accessed by an unauthorized third party between December 9, 2024, and December 18, 2024, and during that time, certain files were copied from its systems. A review of the exposed files was initiated, and that process was completed on January 31, 2025
The exposed files contained the data of policyholders, agents, and insurance carrier partners, and may have included names, birth dates, insurance ID numbers, claim information which may have included diagnosis/treatment information, and Social Security numbers. The types of exposed data varied from individual to individual. Individual notification letters are being mailed, and complimentary credit monitoring and identity theft protection services are being made available. Additional technical safeguards are being implemented to better protect and monitor its systems.
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
Pacific Rehabilitation Centers
UNITED BACKCARE PS, doing business as Pacific Rehabilitation Centers, a provider of medical, physical, and occupational therapy services, has notified 18,900 individuals about a recent ransomware attack that may have involved unauthorized access to their protected health information.
The attack was identified on December 30, 2024, when a ransom note was found on an employee’s computer. Servers were immediately taken offline; however, the attackers had already encrypted files on the network. According to the website breach notice, the encrypted information included patient, employee, and contractor data such as names, addresses, diagnosis and treatment information, social security numbers, health plan numbers, banking information for direct deposit, dates of birth, e-mail addresses, driver’s license numbers, citizenship status, passport numbers, dependent personal information, and electronic signatures.
Pacific Rehabilitation Centers said they transitioned to alternative systems within 24 hours to ensure uninterrupted patient care, additional security measures have now been implemented on all company devices, and an upgraded electronic medical record system will soon be implemented.
Artistic Family Dental
Artistic Family Dental in Indiana has recently confirmed that the protected health information of 3,915 patients was exposed in a November 2024 security incident. Suspicious activity was identified in its systems on November 11, 2024. An investigation was launched which determined that there had been access by an unauthorized actor, who may have viewed or acquired patient data. A file review was initiated and concluded on January 31, 2025. The exposed data included names, addresses, dates of birth, Social Security numbers, dates of service, group health insurance numbers, subscriber health insurance numbers, and amount billed for services rendered. A limited number of individuals also had their Social Security numbers exposed.
The breach notice makes no mention of ransomware; however, this appears to have been a ransomware attack by the Everest group. Everest added Artistic Family Dental to its data leak site in November 2024 and included samples of the stolen data.
DuPage County Health Department
DuPage County Health Department in Wheaton, Illinois, has recently announced a breach of the data of certain individuals who previously received services through the Communicable Disease/ Epidemiology Department. During a building renovation project, physical records related to contract tracing, disease surveillance, and similar services provided in 2023 are believed to have been destroyed; however, it has not been possible to confirm that the records were in fact destroyed.
The records included names, addresses, dates of birth, conditions, diagnoses, lab results, medications, and other treatment information. The data breach has been reported to the HHS’ Office for Civil Rights, but it is not yet shown on the breach portal, so it is unclear how many individuals have been affected.
