Arizona Complete Health

Arizona Complete Health operates as a health plan providing managed care services to members in Arizona, administering health coverage and processing claims for enrolled individuals. The organization handles sensitive personal and medical information, including names, addresses, dates of birth, insurance identification numbers, and detailed health data such as medical conditions and treatment records. A significant data breach in January 2021, which affected over 27,000 members, illustrates the scale of their membership base and the nature of the protected health information they maintain. This incident places them within the U.S. healthcare insurance sector, where they function as an intermediary facilitating access to medical services while complying with stringent healthcare data protection regulations. Their operations require robust security protocols to safeguard member data against evolving cyber threats, particularly in third-party vendor ecosystems.

The organization's response to the Accellion breach, where threat actors accessed member files via a compromised file-transfer service, demonstrates a focused incident management strategy. Arizona Complete Health immediately terminated its relationship with Accellion, removed all data from the vendor's systems, and initiated an internal review of data-sharing procedures. Federal law enforcement, including the FBI, was engaged to investigate the cyberattack attributed to the CLOP ransomware group. Although no evidence of data misuse was identified, the organization provided one year of complimentary credit monitoring and identity theft restoration services to affected individuals. These actions underscore a commitment to member protection and regulatory compliance, while the breach itself highlights critical vulnerabilities in third-party vendor risk management that the organization has since sought to address through enhanced oversight and data removal protocols.