Cyber Incident Victim: Choice Health Insurance
Date:
May 2022
Location:
United States of America
Summary
Choice Health Insurance experienced a data breach when an unauthorized individual accessed a database due to a third-party vendor's technical security misconfiguration, resulting in the exposure of sensitive personal and health information including names, Social Security numbers, Medicare beneficiary IDs, dates of birth, contact details, and insurance data. The compromised information was subsequently offered for sale on a hacking forum, with the attacker claiming possession of extensive files potentially affecting a significant number of individuals. The organization initiated notifications and offered affected parties complimentary credit monitoring services, attributing the incident to human error that enabled unauthorized internet access to the database.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
Choice Health Insurance experienced a data breach involving unauthorized access to a database containing sensitive personal and health information. The incident originated from a technical security configuration error attributed to a third-party service provider, which left a database exposed to the internet. On or approximately May 7, 2022, an unauthorized individual exploited this vulnerability to obtain database files. The breach was first publicly disclosed on May 9, 2022, when an advertisement appeared on a popular hacking forum offering the stolen data for sale. The forum listing included database field headers and samples of the data, with the seller claiming to have acquired the information two days prior—corroborating the May 7 intrusion timeline. Choice Health became aware of the incident on May 14, 2022, after being alerted that an unauthorized party was offering access to their data. The company initiated an investigation and confirmed on May 18, 2022, that the breach resulted from the third-party provider’s misconfiguration, which allowed external access to the database.
The compromised data included personally identifiable information and protected health information such as first and last names, Social Security numbers, Medicare beneficiary identification numbers, dates of birth, addresses, contact details, and health insurance information. While Choice Health’s notification did not specify the number of affected individuals, the forum advertisement claimed the dataset comprised 600MB of data containing 2,141,006 files categorized as “Agents, Commission, Contacts, Policies.” The company began notifying impacted individuals on June 8, 2022, and reported the incident to the California Attorney General’s Office. Affected parties were offered a complimentary 24-month membership to Experian IdentityWorks for credit monitoring and identity protection. The breach underscored human error as a critical factor, as no hacking was required to access the exposed data. Choice Health, now part of Alight Solutions, did not disclose additional remediation steps or system modifications in its public notification.