Health Law Highlights

Health Plan Services Firm Notifying 2.4 Million of PHI Theft

Summary of article from GovInfo Security, by Marianne Kolbasuk McGee:

Texas-based health plan administration services firm, WebTPA, is notifying over 2.4 million individuals about a hacking incident that occurred in 2023, which was detected in December of the same year. The breach potentially compromised personal data including names, contact information, birthdates, Social Security numbers, and insurance details. WebTPA has offered two years of free identity and credit monitoring services to those affected and has bolstered its network security. The delay in identifying and responding to the breach highlights the challenges organizations face in incident response and breach analysis. This incident is the third-largest breach reported in 2024 and emphasizes the increasing targeting of business associates that provide administrative services to health plans and other healthcare sector entities.