Industry - Data Breach
Executive Summary
WebTPA, a third-party healthcare administrator, disclosed a data breach affecting 2.4 million individuals after discovering unauthorized network access that occurred between April 18-23, 2023. The exposed information may include names, contact details, dates of birth, Social Security numbers, and insurance information, though financial account data and medical treatment records were not compromised. The company is offering affected individuals two years of free identity monitoring services th...
What Happened
WebTPA, a third-party healthcare administrator, discovered unauthorized network access on December 28, 2023, and determined that an intruder may have obtained personal information of approximately 2.4 million individuals during a five-day period between April 18 and April 23, 2023. The company launched an investigation with cybersecurity experts and notified federal law enforcement, benefit plans, and insurance companies. Exposed data may include names, contact information, dates of birth, Social Security numbers, and insurance information, though financial account data, credit card numbers, and medical treatment records were not compromised.
Who Is Affected
Approximately 2.4 million individuals whose information was managed by WebTPA as part of benefit plans and insurance companies are affected. The specific data exposed varies by individual, but all affected persons had their personal information accessible to unauthorized actors for several days in April 2023. As of the company's notice, there is no evidence that the exposed information has been misused.
Why It Matters
This breach exposes sensitive personal information including Social Security numbers for millions of people, creating long-term identity theft and fraud risks even without immediate evidence of misuse. The nearly eight-month gap between the unauthorized access in April 2023 and detection in December 2023 demonstrates how delayed breach discovery can leave individuals vulnerable without their knowledge. The incident highlights the privacy risks inherent in third-party healthcare administrators that manage personal data for multiple benefit plans and insurance companies.
What You Should Do
Affected individuals should enroll in the two years of free identity monitoring services offered through Kroll that WebTPA is providing. Monitor credit reports regularly for unauthorized accounts or inquiries and review all insurance Explanations of Benefits statements for unfamiliar claims or services. Consider placing a fraud alert or credit freeze with the major credit bureaus to prevent unauthorized accounts from being opened using your Social Security number.
Summary generated from verified sources and reviewed before publication. How we summarize.
Sources
- Cookeville Regional Medical Center hospital data breach impacts 337,917 people - Security Affairs
- Data Breach Alert: Edelson Lechtzin LLP Investigates Cookeville Regional Medical Center Data Breach - WFMZ.com
- Legitimate email | Comcast customers offered compensation after 2023 data breach - WGAL
- How to Claim Your Share of the $117.5 Million Comcast Data Breach Settlement - CNET
- Comcast data breach: Cable giant to establish $117.5 million settlement fund - See if you're eligible to file - FOX 29 Philadelphia
- Comcast agrees to $117.5M settlement in data breach case - Boston 25 News
- Cookeville Regional Medical Center hospital data breach impacts 337,917 people - Security Affairs
- Oklahoma State Tax Commission Fails To Notice Data Breach for 18 Months
- Tyler Robert Buchanan pleads guilty to one count of conspiracy to commit wire fraud and one count of aggravated identity theft.
- Comcast customers can now file claim as part of $117.5M data breach settlement - MLive.com
- Comcast customers: Here’s how to get your part of $117.5M data breach settlement - NJ.com
- Legitimate email | Comcast customers offered compensation after 2023 data breach - WGAL
- Data breach in Nigeria’s financial ecosystem - TheCable
- $117.5M Comcast settlement offers payouts after 2023 data breach: What to know - CNYhomepage.com
Related Events
- Industry - LawsuitApr 14, 2026
Cardiovascular Consultants agreed to pay $3.85 million to settle a class action ...
- Industry - Data BreachApr 6, 2026
Phoenix-based Cardiovascular Consultants agreed to pay $3.85 million to settle a...
- Industry - Data BreachApr 2, 2026
Cardiovascular Consultants agreed to pay $3.85 million to settle a class action ...