Texas Attorney General Ken Paxton has launched an investigation into the Conduent Business Services data breach, which he stated could potentially be the largest healthcare data breach in United States history.
Investigation Announcement
Texas Attorney General Ken Paxton announced that his office has opened an investigation into the data breach at Conduent Business Services. He stated that the breach was likely the largest in United States history and indicated that his office would seek to determine whether any insurance entity failed to meet its obligations.
Scope Of The Breach
The breach of Conduent’s systems occurred between October 21, 2024, and January 13, 2025. An unauthorized third party gained access to sensitive personal data during that period.
The exposed information included names, birthdates, addresses, Social Security numbers, medical information, and health insurance information. One source reported that the breach involved protected health information (PHI), including data belonging to Texas Medicaid recipients.
More than a year after the incident was detected, the total number of affected individuals has not been confirmed.
Affected Entities
The list of confirmed victims is not yet final. Entities identified as affected include Humana, Premera Blue Cross, Volvo Group North America with 17,000 workers, and various Blue Cross and Blue Shield branches in Montana, Texas, and Illinois.
Blue Cross Blue Shield of Texas was identified as one of the affected entities. Blue Cross and Blue Shield of Texas confirmed that its systems were not directly impacted by the cyber incident but acknowledged that member data was compromised through Conduent’s systems.
The full list of affected entities has not been disclosed.
Number Of Impacted Individuals
The notification sent to Attorney General Paxton state that more than 15.49 million individuals in Texas have been affected, and that total has increased at least twice since the initial notification was issued. Approximately four million impacted by the data breach were Texans.
Investigative Actions
Attorney General Paxton is seeking information on the security policies, practices, and protocols at Conduent. He issued Civil Investigative Demands to Conduent and Blue Cross Blue Shield of Texas seeking documentation and evidence related to the security lapse.
The investigation will examine whether Conduent complied with Texas law. It will also assess Blue Cross Blue Shield of Texas’s compliance with state regulations concerning the protection of confidential information. Determination of HIPAA-compliance is also likely since Conduent provides mailroom, payment, and back office support services to Blue Cross Blue Shield of Texas, which requires access to certain types of member information, including PHI.
Litigation surrounding the Conduent breach has been reported, and one source stated that the breach ranks as the eighth largest healthcare data breach in United States history.
