Cyber Incident Victim: Beacon Health Solutions, LLC
Date: Oct 2020
Location: United States of America
Summary
Beacon Health Solutions, LLC experienced a ransomware attack by the REvil group involving unauthorized access and exfiltration of client data, including protected health information. The attackers publicly disclosed stolen information on their dedicated leak site after initially posting system directory screenshots as proof. The organization, a HIPAA-covered business associate providing health benefits and claims administration services, had not issued any public notifications or alerts regarding the breach at the time of reporting despite the confirmed exposure of sensitive data.
Description
On or around October 21, 2020, Beacon Health Solutions, LLC, a HIPAA-covered business associate providing integrated health benefits and claims administration services, was listed on the dedicated leak site operated by the REvil (Sodinokibi) ransomware threat actor. Forensic timestamps suggested the attackers had exfiltrated data from Beacon’s systems in mid-September 2020. REvil’s initial post included screenshots of directory structures and select files from Beacon’s network as proof of access. By November 6, 2020, REvil escalated their activity by publicly dumping portions of the stolen “Clients data,” indicating the release of sensitive information belonging to Beacon’s clients or their beneficiaries. The nature of Beacon’s operations as a claims administrator implied the compromised data likely included protected health information (PHI) and personally identifiable information (PII) subject to HIPAA breach notification rules.

As of the article’s publication date in November 2020, Beacon Health Solutions had not publicly acknowledged the incident. No breach notification statements appeared on the company’s website, and no filings were visible on the U.S. Department of Health and Human Services (HHS) public breach portal. The organization did not respond to multiple email inquiries from DataBreaches.net seeking confirmation of the incident or details about its scope. REvil’s data dump confirmed unauthorized access to and exfiltration of client-related data, creating potential risks of identity theft, fraud, or medical privacy violations for affected individuals. The absence of public disclosures or regulatory filings by Beacon left the full scale of the breach, including the number of impacted individuals and specific data elements compromised, unverified at the time of reporting.
