Keenan & Associates Data Breach Affects More Than 1.5 Million Individuals
The Torrance, CA-based insurance broker Keenan & Associates has recently reported a cybersecurity incident to the Maine Attorney General that has affected 1,509,616 individuals. Keenan & Associates is part of AssuredPartners NL, one of the largest brokerage firms in the United States. The company has clients across a variety of industries, including healthcare and the public sector, and is the third-party administrator of Prime Healthcare’s employee benefit health plan. Prime Healthcare was one of the affected clients.
The cybersecurity incident was detected on Sunday, August 27, 2023, when some of its network servers were disrupted. Action was immediately taken to contain the attack and isolate the affected network servers and third-party cybersecurity experts were engaged to investigate to determine the nature and scope of the unauthorized activity. The forensic investigation confirmed that there had been unauthorized access to its internal systems at various points between August 21, 2023, and August 27, 2023, and during that time, certain files were exfiltrated from its systems. Some of those files contained personal data provided by its clients along with some employee data. The review of those files confirmed they contained names in combination with one or more of the following: date of birth, Social Security number, passport number, driver’s license number, health insurance information, and general health information.
Keenan & Associates said additional security protocols have been implemented to enhance network, data, and system security, and its security measures will continue to be evaluated to determine if further steps need to be taken to harden cybersecurity defenses. The incident has also been reported to the Federal Bureau of Investigation (FBI) and Keenan & Associates has been assisting the FBI with its investigation.
While data theft was confirmed, Keenan & Associates is unaware of any actual or attempted misuse of the stolen data. As a precaution, affected individuals have been offered complimentary credit monitoring, identity theft protection, and identity theft resolution services. Keenan & Associates did not publicly disclose the names of the affected clients, so it is unclear at this stage whether the breach is reportable under the Health Insurance Portability and Accountability Act.
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
Update: February 21, 2024: Prime Healthcare has confirmed that the protected health information of 101,135 members of the Prime Healthcare Employee Health Plan was compromised.
