Breach, Threat Management, Data Security, Malware, Phishing

Hundreds of Delaware residents among the victims of BenefitMall breach

Delaware's Department of Insurance announced yesterday that 650 residents and five companies located within the state were impacted by a 2018 data breach of BenefitMall, a third-party HR services administrator for health insurance companies.

It was originally back on Jan. 4, 2019, that BenefitMall, aka Centerstone Insurance and Financial Services, publicly disclosed a "data security incident" that took place between June 2018 and October 11. According to a company press release, the breach compromised employee email accounts containing customers' names, addresses, Social Security numbers, birth dates, bank account numbers and insurance premium payment information.

The Department of Insurance advised local customers of Highmark BCBS, Aetna, Emblem Health, Humana and UnitedHealth to keep an eye out for personal breach notifications in the mail. The agency also recommended that consumers accept any free credit and identity monitoring services that these insurance companies may offer.

"The Department of Insurance takes any breach of personal information very seriously. We will continue to do our part by conducting further investigations to fully understand what happened, how it happened and what data was affected,"
said Insurance Commissioner Trinidad Navarro in his department's Jan. 28 release. "Our goal is to minimize the negative effects and prevent similar incidents from happening in the future.” 

The release also states that Delaware this year is working to pass legislation "intended to fortify the security measures that protect consumer data and that will require insurance companies and affiliated third-party vendors to notify the Insurance Commissioner of any breach as soon as possible."

BenefitMall said that to prevent a similar incident in the future, it has implemented additional security measures to protect employee emails and consumer data, including two-factor authentication and access control. It also is providing employees with anti-phishing training.

The number of victims located Delaware is just a small percentage of those impacted. HealthITSecurity reported earlier this month that 111,589 consumers in total were affected by the breach.

Bradley Barth

As director of multimedia content strategy at CyberRisk Alliance, Bradley Barth develops content for online conferences, webcasts, podcasts video/multimedia projects — often serving as moderator or host. For nearly six years, he wrote and reported for SC Media as deputy editor and, before that, senior reporter. He was previously a program executive with the tech-focused PR firm Voxus. Past journalistic experience includes stints as business editor at Executive Technology, a staff writer at New York Sportscene and a freelance journalist covering travel and entertainment. In his spare time, Bradley also writes screenplays.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.