
The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

Ransomware Attack on Software Vendor Involved Medical Insurance Information of 954K Individuals

Young Consulting (Connexure), an Atlanta, GA-based vendor that provides software solutions to the employer stop loss marketplace, has fallen victim to a BlackSuit ransomware attack that involved the medical insurance information of 954,177 individuals.

The software provided by Young Consulting helps carriers, brokers, and third-party administrators market, underwrite, and administer stop-loss insurance. Stop-loss insurance protects against unexpected losses and is often purchased by businesses and organizations that self-fund their employee benefits plans but do not want to be 100% liable for any losses.

Young Consulting started experiencing “technical difficulties” on April 13, 2024. A cybersecurity forensics firm was engaged to assist with the investigation and determine the nature and scope of the incident. The forensic investigation confirmed there had been unauthorized access to its network between April 10, 2024, and April 13, 2024, and during that time, certain files were downloaded from its network.

The review of those files is ongoing; however, it has been confirmed that some of the impacted data belonged to Blue Shield of California and other HIPAA-covered entities. Confirmation of the attack was provided to Blue Shield and other entities on June 28, 2024, and since that date, Young Consulting has been working on obtaining up-to-date contact information for the affected individuals. The investigation is ongoing; however, it has been confirmed that names, Social Security numbers, dates of birth, prescription information, insurance policy information, and claims information were involved. Young Consulting is issuing individual notification letters to the affected Blue Shield members and on behalf of other covered entity clients.


The data breach notification provided to the Maine Attorney General does not provide further details on the exact nature of the incident; however, this appears to have been a ransomware attack by the BlackSuit ransomware group. BlackSuit listed Young Consulting on its data leak site on May 7, 2024, and claims to have stolen business data such as contracts and presentations; employee data including passwords, contracts, family information, and medical examinations; financial data such as audits, reports, and payments; and other types of data. The listing claims that top management at Young Consulting completely refused to negotiate and, as a result, the stolen data was listed on its leak site as a compressed 324 GB file. The HIPAA Journal has not verified the contents of the file.

Young Consulting said it is unaware of any misuse of the stolen data but, as a precaution, is offering potentially affected individuals complimentary credit monitoring services for 12 months. Since data theft has been confirmed, the affected individuals should take advantage of those services and have until November to sign up for them.

Earlier this month, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) issued an update to previously issued guidance about the Royal ransomware group that confirmed that Royal has rebranded as BlackSuit. Members of the group are thought to have split from the Conti ransomware group in early 2022, forming a group called Zeon before rebranding as Royal, and again as BlackSuit. The group has conducted many attacks on HIPAA-covered entities and their business associates over the past 2 years and is known to steal data and demand the payment of a ransom to prevent the data from being listed on its data leak site.

Author: Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com
