Data Breaches Reported by VeriSource Services & CBIZ Benefits & Insurance Services
The protected health information (PHI) of more than 112,000 individuals was compromised at VeriSource Services, a website vulnerability was exploited at CBIZ Benefits & Insurance Services affecting 9,100 individuals, and Okanogan Behavioral HealthCare has experienced a breach of the PHI of almost 1,100 individuals.
VeriSource Services Confirms Breach of PHI of 112,726 Individuals
VeriSource Services, a Houston, TX-based provider of employee benefit administrative and enrollment solutions to employer groups, has confirmed that personal and protected health information (PHI) was stolen in a February cyberattack.
On August 20, 2024, VeriSource Services issued notifications to 112,726 individuals about the cyberattack, which was identified on February 28, 2024, when unusual activity was identified within its computer network. Immediate action was taken to secure its systems and prevent further unauthorized access, and third-party cybersecurity experts were engaged to conduct a forensic investigation. The investigation confirmed that there had been unauthorized access to its network, and the threat actor copied files from its network on February 27, 2024. The review of the affected files confirmed they contained names, dates of birth, and Social Security numbers.
The cyberattack was reported to the Federal Bureau of Investigation (FBI,) and VeriSource Services said it has taken steps to improve security to prevent similar breaches in the future. VeriSource Services said it is unaware of any actual or attempted misuse of the stolen data and is offering complimentary credit monitoring and identity theft protection services to the affected individuals.
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
Update: In April 2025, Verisource Services filed an updated breach report with the Maine Attorney General, confirming up to 4 million individuals were affected by the data breach.
CBIZ Benefits & Insurance Services Discovers Theft of PHI from Database
CBIZ Benefits & Insurance Services, a provider of actuarial, administration, and investment advisory services and administration services for retiree health and wellness plans, recently experienced a breach of information stored in some of its databases. Access to the databases was obtained by exploiting a vulnerability on one of its web pages.
The intrusion was detected on June 24, 2024, and the forensic investigation confirmed there had been unauthorized access to the databases between June 2 and June 21, 2024, and that information was copied from those databases. According to the notification sent to the Maine Attorney General, the breach involved the personal and protected health information of members of its retiree health and wellness plans. The types of data potentially stolen include names, contact information, dates of birth, Social Security numbers, retiree health information, and welfare plan information.
CBIZ said it is unaware of any misuse of the stolen information and is providing complimentary credit monitoring and identity theft protection services to the affected individuals. The breach has been reported to the HHS’ Office for Civil Rights as involving the protected health information of 9,103 individuals.
Okanogan Behavioral HealthCare Cyberattack Affects 1,082 Individuals
Okanogan Behavioral HealthCare (OBH) in Washington has experienced a cyberattack that disrupted some of the operations of IT systems. The security breach was detected on May 15, 2024, and the forensic investigation confirmed on May 20, 2024, that there had been unauthorized access to files on its systems between May 13, 2024, and May 15, 2024.
The review of the affected files is ongoing, but it has been determined that they could have included client names, contact information, dates of birth, Social Security numbers, driver’s license numbers, other identification numbers, and medical information, including diagnosis and treatment information, and health insurance information. The types of information involved vary from individual to individual.
Individual notifications were mailed on August 23, 2024, and complimentary identity theft monitoring services have been offered to individuals whose Social Security numbers or driver’s license numbers were involved. OBH said additional safeguards and technical security measures have been implemented to further protect and monitor its systems. The breach was reported to the HHS’ Office for Civil Rights as affecting 1,082 individuals.
