Texas-based healthcare provider WebTPA has announced that a data security incident has impacted its network and some 2.4 million customers.
WebTPA is a third-party administrator with more than 30 years of experience building custom health plans. It specialises in customised health care benefits administration for self-funded employers, and insurance carriers.
The customer personal information that was compromised may have included name, contact information, date of birth, date of death, Social Security number, and insurance information.
But not every data element was present for every individual, and WebTPA said it is not aware of any misuse of benefit plan member information as a result of the incident.
“Financial information, such as financial account information or credit card numbers, and treatment or diagnostic information were not impacted,” it said in a note on its website.
The breach was discovered on 28 December last year, when an investigation started.
But WebTPA stated that the breach was discovered to have happened between 18 April and 23 April – several months before the breach was detected.
“Upon detecting the incident, we promptly initiated measures to mitigate the threat and further secure our network,” it said.
“We also launched an investigation with the support of industry leading third-party cybersecurity experts and notified federal law enforcement.”
WebTPA added it has tried to minimise the impact by offering individuals two years of complimentary identity monitoring services through Kroll.
It added: “We also deployed additional security measures and tools with the guidance of third-party cybersecurity experts to further strengthen the security of our network.”