Industry - Data Breach
Executive Summary
WebTPA, a third-party healthcare administrator, disclosed a data breach affecting 2.4 million individuals after discovering unauthorized network access that occurred between April 18-23, 2023. The exposed information may include names, contact details, dates of birth, Social Security numbers, and insurance information, though financial account data and medical treatment records were not compromised. The company is offering affected individuals two years of free identity monitoring services th...
What Happened
WebTPA, a third-party healthcare administrator, discovered unauthorized network access on December 28, 2023, and determined that an intruder may have obtained personal information of approximately 2.4 million individuals during a five-day period between April 18 and April 23, 2023. The company launched an investigation with cybersecurity experts and notified federal law enforcement, benefit plans, and insurance companies. Exposed data may include names, contact information, dates of birth, Social Security numbers, and insurance information, though financial account data, credit card numbers, and medical treatment records were not compromised.
Who Is Affected
Approximately 2.4 million individuals whose information was managed by WebTPA as part of benefit plans and insurance companies are affected. The specific data exposed varies by individual, but all affected persons had their personal information accessible to unauthorized actors for several days in April 2023. As of the company's notice, there is no evidence that the exposed information has been misused.
Why It Matters
This breach exposes sensitive personal information including Social Security numbers for millions of people, creating long-term identity theft and fraud risks even without immediate evidence of misuse. The nearly eight-month gap between the unauthorized access in April 2023 and detection in December 2023 demonstrates how delayed breach discovery can leave individuals vulnerable without their knowledge. The incident highlights the privacy risks inherent in third-party healthcare administrators that manage personal data for multiple benefit plans and insurance companies.
What You Should Do
Affected individuals should enroll in the two years of free identity monitoring services offered through Kroll that WebTPA is providing. Monitor credit reports regularly for unauthorized accounts or inquiries and review all insurance Explanations of Benefits statements for unfamiliar claims or services. Consider placing a fraud alert or credit freeze with the major credit bureaus to prevent unauthorized accounts from being opened using your Social Security number.
AI-Assisted
Event summaries are generated by Claude AI from verified sources and reviewed by humans before publication.
Sources
Related Events
- Industry - LawsuitApr 14, 2026
Cardiovascular Consultants agreed to pay $3.85 million to settle a class action ...
- Industry - Data BreachApr 6, 2026
Phoenix-based Cardiovascular Consultants agreed to pay $3.85 million to settle a...
- Industry - Data BreachApr 2, 2026
Cardiovascular Consultants agreed to pay $3.85 million to settle a class action ...