Hackers who obtained the credentials of a Benefit Recovery Specialists’ employee gained access to the insurer’s systems to deploy malware. More than 274,000 patients from several healthcare providers and payers that use Benefit Recovery Specialists (BRSI) for billing and collections services were notified on June 26, 2020 that their data was potentially breached after a hacker obtained employee credentials to deploy malware.
BRSI’s investigation confirmed that an unauthorized actor accessed BRSI’s systems using employee credentials and deployed malware within BRSI’s environment. The investigation further revealed that certain BRSI customer files containing personal information may have been accessed and/or acquired by the unknown actor between April 20, 2020 and April 30, 2020.
The compromised data could include names, dates of birth, policy identification numbers, provider names, diagnosis codes, dates of service and or procedure codes. Social Security numbers may have been affected for a small subset of patients.
Patients are required to share their personal and sensitive information to obtain medical treatment. In turn, healthcare insurers such as BRSI (whose services are used by numerous healthcare providers) owe a duty to protect that information. Unfortunately, BRSI failed to do so when it allowed cybercriminals to access patients’ sensitive information.
Attorneys at Finkelstein, Blankinship, Frei-Pearson & Garber, LLP have successfully recovered millions of dollars on behalf of data breach victims. We are currently investigating this matter, as well as other data breaches. If you believe that your information may have been unlawfully accessed, please contact us to discover your legal options.