Software solutions provider Young Consulting (also known as Connexure) based in Atlanta services the employer stop-loss insurance industry. It recently encountered a BlackSuit ransomware attack that compromised the medical insurance data of 954,177 persons.
The software offered by Young Consulting is widely used by carriers, brokers, and third-party administrators to underwrite and manage stop-loss insurance plans. These insurance plans help businesses and companies that self-fund employee benefits programs to get protection against sudden, large-scale losses without paying 100% for losses.
On April 13, 2024, Young Consulting began experiencing technical issues. A cybersecurity forensics company investigated the issue and found out the cause and extent of the breach. The investigation revealed that unauthorized access to the company’s network occurred from April 10 to April 13, 2024, during which time the attacker downloaded certain files from its network.
The ongoing review of these files has confirmed that the breached data includes information from Blue Shield of California and other HIPAA-covered entities. Young Consulting informed Blue Shield and other impacted entities about the breach on June 28, 2024, and has since been working to update contact details for the impacted persons. The data breach affected sensitive data such as names, birth dates, Social Security numbers, insurance policy data, claims data, and prescription details. Young Consulting is sending personal notification letters to affected members of Blue Shield and other clients.
Although the data breach notification submitted to the Maine Attorney General has no specific information about the nature of the attack, it seems to be a ransomware attack carried out by the BlackSuit ransomware group. On May 7, 2024, BlackSuit added Young Consulting to its data leak site, claiming that it had stolen some business and employee-related data, including contracts, presentations, passwords, medical data, family data, financial information, and more. The group alleges that Young Consulting’s management rejected negotiations. Therefore, a 324 GB compressed file containing the stolen data was published on its leak site.
Young Consulting stated that there is no evidence of misuse of the stolen information but is giving free credit monitoring services for 12 months to potentially impacted persons as a safety measure. With the confirmation of data theft, it has instructed the impacted individuals to make use of these services and sign up for them by November. The company may also consider providing extra HIPAA training in response to the attack.
The Federal Bureau of Investigation (FBI) and the U.S. Cybersecurity and Infrastructure Security Agency (CISA) recently updated their guidance on the Royal ransomware group, which is believed to have rebranded as BlackSuit. The group, consisting of former members of the Conti ransomware gang, has been responsible for numerous attacks on HIPAA-covered entities and their business associates in the last two years. It is known for stealing data and demanding ransoms to prevent the public release on its data leak site.