In May 2023, reports began to surface that Elevance Health Flexible Benefit Plan (“Elevance Health,” “Elevance”) experienced a third-party data breach after confidential patient data in the possession of NationsBenefits Holding, LLC, a vendor of Elevance Health, was compromised in a ransomware attack. Based on various reports, the incident resulted in an unauthorized party gaining access to consumers’ names, Social Security numbers and Protected health information. Recently, Elevance and NationsBenefits began sending out data breach notification letters to all individuals who were impacted by the recent data security incident.
If you received a data breach notification from Elevance or NationsBenefits, it is essential you understand what is at risk and what you can do about it. As we’ve discussed in previous posts, the NationsBenefits breach impacted multiple organizations across the country, affecting over 3 million patients. This makes the NationsBenefits breach one of the largest data breaches in 2023. As is the case with all similar incidents, victims now face a significantly greater risk of identity theft and other frauds. To learn more about how to protect yourself from becoming a victim of fraud or identity theft and what your legal options are in the wake of the Elevance Health / NationsBenefits data breach, reach out to a data breach lawyer.
What We Know So Far About the Elevance Health Breach
News of the Elevance Health data breach is still fresh; however, what we know at this point comes from various reports suggesting the company was one of many affected by the NationsBenefits data breach.
Evidently, on February 7, 2023, NationsBenefits experienced a security breach involving Fortra’s GoAnywhere MFT file transfer solution. Fortra is a third-party vendor of NationsBenefits. Subsequent investigation confirmed that some of the data leaked in the Fortra breach impacted certain clients of NationsBenefits.
At this point, NationsBenefits conducted a review of the data, determining that certain Elevance Health member information was contained in the compromised files.
Upon discovering that sensitive consumer data was made available to an unauthorized party, NationsBenefits began to review the affected files to determine what information was compromised and which consumers were impacted. While the breached information varies depending on the individual, it may include your name, Social Security number, and protected health information. Based on a review of all available sources, Elevance Health’s computer systems were not affected by the incident.
As of May 22, 2023, Elevance Health had not sent out data breach notification letters. However, NationsBenefits sent out letters to patients who were affected by the incident in April 2023.
More Information About Elevance Health and NationsBenefits
Elevance Health is a large insurance company based out of Indianapolis, Indiana. The company owns and operates several other insurance companies, including Anthem, Wellpoint, MMM, HealthLink, Health Sun, Amerigroup, Simply Healthcare Plans, Unicare, Wellpoint Military Care and carelon. Elevance Health employs more than 102,300 people and generates approximately $156 billion in annual revenue.
NationsBenefits Holding, LLC is a supplemental insurance benefits company based in Plantation, Florida. The company helps health plans deliver customized healthcare solutions to employers, for example, by providing payment platforms and member engagement solutions. NationsBenefits employs more than 500 people and generates approximately $467 million in annual revenue.