Cyber Incident Victim: Benefit Management LLC
Date:
Mar 2022
Location:
United States of America
Summary
A health benefit administration company based in Kansas experienced a data breach after unauthorized access to an employee's email account compromised sensitive patient information. The incident exposed personal and medical details including names, Social Security numbers, diagnoses, insurance information, prescription data, and government identification numbers. Following an investigation with third-party specialists, the organization confirmed the exposure and notified affected individuals whose confidential data was accessible to unauthorized parties during the email compromise. The company provides administrative services to healthcare entities, handling health benefit programs for client patients.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On April 1, 2023, Benefit Management, LLC (BML) detected suspicious activity within an employee’s email account, prompting an immediate response that included reporting the incident to law enforcement and initiating an investigation with third-party data security specialists. The investigation revealed that an unauthorized party had accessed certain company email accounts between March 14, 2022, and April 2, 2022, exposing emails and attachments containing confidential patient information. BML confirmed that the compromised data included consumers’ names, addresses, dates of birth, Social Security numbers, diagnoses or conditions, health insurance details, medical records, claims information, prescription data, medical record numbers, and Medicare or Medicaid identification numbers. The breach affected information provided to BML by healthcare providers as part of its third-party administrative services, though the specific number of impacted individuals was not disclosed. By April 4, 2023, BML completed its review of the affected files to identify the scope of compromised data and the individuals involved.
Following the confirmation of data exposure, BML issued a press release on May 17, 2023, announcing the breach and began mailing notification letters to affected consumers. The company, a health benefit administration provider based in Great Bend, Kansas, emphasized that the breach stemmed from unauthorized email access rather than a direct compromise of its primary systems. BML’s services include administering health benefit programs for healthcare entities, and it operates with over 101 employees, generating approximately $26 million in annual revenue. The incident exposed highly sensitive personal and medical information, creating risks of fraud and identity theft for affected patients. No additional technical details regarding the attacker’s methods, containment measures beyond the investigation, or specific remediation steps for victims were disclosed in the available information.