Cyber Incident Victim: Secure Administrative Solutions LLC

The ransomware incident involving Secure Administrative Solutions LLC (SAS) occurred between March 15 and April 15, 2021, impacting protected health information processed by the third-party vendor. Renaissance Life & Health Insurance Company of America, a SAS client, publicly disclosed the breach on April 14, 2021, stating they received notification from SAS on June 1 regarding the unauthorized system access. Threat actors successfully exfiltrated sensitive member data including names, addresses, dates of birth, health insurance policy numbers, policy types, premium amounts, and policy issuance dates. Renaissance's notification indicated the attackers claimed to have destroyed the stolen data post-exfiltration, though the insurer acknowledged the threat actors' identities remained unknown. The disclosure suggested SAS likely paid ransom to obtain this destruction assurance, though no explicit confirmation of payment was provided.

Renaissance issued breach notifications to affected members while SAS maintained no public statements on its website regarding the incident. Attempts to contact SAS through their web form failed due to technical errors, raising operational concerns during the response phase. The health insurer's notification emphasized SAS's efforts to protect consumers through post-breach actions, potentially anticipating legal considerations. Cigna appeared on SAS's partner list but hasn't publicly commented on potential impacts. The breach's full scope remained unclear as no case appeared on HHS's breach portal by the article's publication date, leaving the number of affected individuals unverified. Data security experts questioned the reliability of ransomware actors' data destruction promises, highlighting residual risks to consumers despite SAS's mitigation attempts.