Cyber Incident Victim: Law Enforcement Health Benefits Inc.

Date: Sep 2021

Location: United States of America

Summary

A ransomware attack compromised Law Enforcement Health Benefits Inc., impacting over 85,000 individuals through network infiltration and file encryption. Threat actors exfiltrated sensitive personal and medical data, including names, Social Security numbers, driver’s license details, birth dates, health insurance information, and medical records, though no identity theft or fraud was reported. The organization reinforced its network security and internal procedures to mitigate future threats, emphasizing ongoing policy assessments to prevent recurrence.

Description

On September 14, 2021, threat actors infiltrated the network of Law Enforcement Health Benefits Inc. (LEHB), a Pennsylvania-based health benefits plan provider. The attackers deployed ransomware that encrypted files stored on LEHB’s network. The organization discovered the encryption activity shortly after the intrusion but did not immediately confirm data theft. Over four months later, in February 2022, LEHB’s forensic investigation determined the attackers had exfiltrated sensitive personal information belonging to 85,000 individuals prior to encrypting the data. The compromised information included names, Social Security numbers, driver’s license numbers, dates of birth, health insurance details, and medical information. LEHB initiated member notifications in March 2022, nearly six months after the initial breach. The organization stated it had not received any reports of identity theft or fraud stemming from the incident as of the notification date.

LEHB publicly acknowledged the ransomware attack’s impact on network operations and data security in its breach notifications. The organization emphasized its commitment to addressing evolving cybersecurity threats by implementing additional network security measures and enhancing internal procedures to detect and remediate future incidents. LEHB also reported reviewing and updating its internal policies to minimize recurrence risks. While the attackers’ specific identity and ransom demands remained undisclosed, the breach prompted operational changes focused on hardening defenses against similar intrusions. The delayed determination of data exfiltration—spanning from September 2021 to February 2022—highlighted the prolonged investigation timeline required to assess the full scope of compromised information.
