The servers of a Seattle-based benefits administrator has been hacked, attackers possibly got away with troves of personal information before destroying it.
The incident, which happened in January, affected about 140,000 individuals of Service Employees International Union 775 Benefits Group. According to the company, the affected individuals had lost their data to hackers. The incident was immediately reported to the authorities.
The company says it detected anomalous behavior on April 4. The hired forensic experts who are investigating the matter said hackers have gained access to data systems, deleting certain personal information and PHI.
This is a second health benefits administrator that reported a data breach to federal regulators in recent weeks. In January, an unknown actor accessed and then deleted personal information belonging to about 3.3 million people, customers of Hearing Care Network, a Florida-based vision and hearing benefits administrator.
While SEIU 775 Benefits Group says that the compromised information included individuals’ names, addresses, Social Security numbers, and health plan enrollment or identity information.
The benefits administrator is offering affected individuals free Kroll identity and credit monitoring for one year.
The company did not disclose any more details about the incident, nor said whether it could recover data from backups.
“Data deletion breaches are not as prevalent as those where data is exfiltrated or held for ransom, but can still be very costly,” said Cathie Brown of privacy and security consultancy Clearwater to GovInfoSecurity.
The key to successful restoring from backups is having the discipline to regularly test and confirm them, as well as ensuring they are recoverable.
Most breaches happen because organizations fail to implement basic security measures, such as regularly conducting security scans and securing their networks and servers, says David Fischer, security analyst at IBM Security.
Another area of focus for building a strong cybersecurity program is asset inventory and management. This is especially important for entities that have sensitive data stored on their systems.
“Healthcare is the number one target because of the lack of strong cyber programs across the industry,” Brown said. “Entities are improving on the security of customer or patient data, but do not always put the same level of controls around employee data.”
