Security breaches reported by benefit plan administrators and The People Concern


Virginia-based Roanoke, Benefit Plan Administrators Inc., recently notified 3,775 people that an unauthorized person had gained access to their network and deleted files containing some of their protected health information. Breach notification letters do not reveal when the incident occurred, but the forensic investigation concluded on March 15, 2022 and notification letters were sent to those affected on June 15 or around this date.

Benefits plan administrators said the following types of information were in the files that were deleted from its systems: full names, addresses, dates of birth, social security numbers, gender classification, claims, medication information, and medical diagnosis/condition information. The violation was reported to the HHS Civil Rights Office as four separate incidents. Employees of Alpha Natural Resources Non-Union VEBA Trust and Williamson Employment Services, Inc. are known to have been affected.

No evidence was found to indicate that any of the deleted information was misused. Free credit monitoring services were provided to those affected. Benefits plan administrators said additional safeguards had been put in place by the IT department to prevent similar incidents from happening in the future.

The People Concern reports breach of employee email accounts

The People Concern, a service for the homeless based in Los Angeles, California, discovered that the email accounts of some of its employees had been accessed by an unauthorized third party. The accounts contained community members’ sensitive information such as date of birth, social security number, health insurance information, and medical information regarding care received through its programs.

The security breach was detected when suspicious activity was observed in the email accounts, with the investigation revealing that they had been accessed by unauthorized people at various times between April 6, 2021 and December 9, 2021.

In response to the breach, email security measures were tightened and those affected were offered free subscriptions to an identity theft protection and resolution service for one year. It is currently unknown how many people have been affected.

Advocates Inc. Discovers Others Affected by 2021 Data Breach

In January 2022, Advocates Inc., based in Framingham, MA, began notifying those affected by a cyberattack that saw its network compromised between September 14, 2021 and September 18, 2021. The incident was initially thought to have affected 68,236 people, but the investigation later confirmed that more people had been affected. Review of the affected files continued through June 9, 2022, and additional notifications were mailed to affected individuals on June 28, 2022. Details of the breach can be found in this article. It is currently unknown how many additional people have been affected.

Previous Employee Benefit Plan Considerations After ROE | SmithAmundsen LLC
Next The 'Mouvement BE' summer art camp celebrates its first anniversary