blackbasta attacks Health Plan services inc.

Incident Date: Jul 06, 2022

Attack Overview
VICTIM
Health Plan services inc.
INDUSTRY
Insurance
LOCATION
USA
ATTACKER
Blackbasta
FIRST REPORTED
July 6, 2022

Healthplan Services Inc. Ransomware Attack

Overview of the Incident

Healthplan Services Inc., a prominent provider of insurance services, recently fell victim to a ransomware attack orchestrated by the Blackbasta group. Operating within the insurance sector, Healthplan Services Inc. offers a diverse array of services, including reinsurance, marine, property, aviation, accident, health, life, and other insurance services, catering to a broad customer base in the United States.

Although the exact size of Healthplan Services Inc. is not detailed, comparisons with Group Health Cooperative of South Central Wisconsin (GHC-SCW)—which boasts 79,000 members—suggest Healthplan Services Inc. might serve a similarly extensive clientele. This wide-ranging service offering, while beneficial, potentially exposes the company to increased cyber threats due to a larger attack surface.

Vulnerabilities and Attack Details

The specific vulnerabilities exploited in the attack on Healthplan Services Inc. remain undisclosed. However, insights from a related incident involving GHC-SCW, which thwarted a ransomware attempt yet suffered a data breach affecting over 533,000 individuals, imply that similar weaknesses could have been leveraged. Attack vectors such as phishing, unpatched software, or inadequate password policies are common culprits in such breaches.

Blackbasta, the ransomware group claiming responsibility for this attack, is notorious for its ALPHV or BlackCat ransomware, which it rents to other cybercriminals. This incident underscores the ongoing trend of ransomware attacks targeting the healthcare sector, causing significant operational disruptions.

The attack on Healthplan Services Inc. underscores the critical need for robust cybersecurity measures within the insurance sector, particularly for entities offering a wide range of services. While the full extent of the breach and the specific data compromised have not been detailed, the incident serves as a stark reminder of the cybersecurity challenges facing the insurance industry.

Sources

Disclaimer

The Halcyon Attacks Lookout Database is compiled using publicly available information based on the hosting choices of real-world threat actors and data from a variety of trackers. This information is provided in accordance with principles of fair use. Halcyon has made reasonable efforts to sanitize and verify the data; however, we do not guarantee the accuracy, completeness, or reliability of the information provided. Updates to the database are made as new source data becomes available from reputable sources.  By accessing, viewing, or using the information within the Halcyon Attacks Lookout Database, you acknowledge and agree to do so entirely at your own risk. No reliance should be placed upon the information for decision-making, and Halcyon disclaims all liability for any inaccuracies or omissions in the data.

See Halcyon in action

Interested in getting a demo?
Fill out the form to meet with a Halcyon Anti-Ransomware Expert!

1
2
3
Let's get started
1
1
2
3
1
1
2
2
3
Back
Next
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.