Multiplan

Multiplan is a healthcare entity headquartered in the United States. The organization provides services that intersect with multiple providers and health plans, as indicated by the data exposed in the February 2023 breach. Its core activities involve handling protected health information and personal details for the healthcare sector. The breach revealed that Multiplan maintains data repositories used by various healthcare partners. The incident highlighted the organization's role in managing sensitive information across the health ecosystem. Multiplan's headquarters location situates it within the U.S. healthcare market.

In February 2023, Multiplan was compromised through a third‑party breach affecting Fortra's GoAnywhere file transfer service, where the Clop ransomware group exploited a vulnerability to exfiltrate approximately three terabytes of data. The stolen information included folders belonging to numerous providers and health plans, containing protected health information and personal details. Attackers leaked the data on the dark web and used it to pressure the organization into meeting extortion demands. Multiplan faced criticism for allegedly delaying public disclosure of the breach until after its quarterly reports were released. This event was part of a wider campaign that impacted many healthcare entities using the same file transfer solution. The breach underscored the risks associated with third‑party service dependencies in the healthcare industry.