Cyber attack on Salus Group impacted members' personal information

Michigan-based healthcare solutions provider Salus Group said the data security incident it suffered in October last year compromised the sensitive personal information of its customers.

 

Headquartered in Sterling Heights, Michigan, Benefits Partner, doing business as Salus Group, is an independent healthcare solutions provider, offering wellness plans, health plan designs and benefits administration to corporate customers. Acquired by NFP in December, Salus Group earns more than $15 billion in annual revenue. 

 

In a data security incident notice posted on its website, Salus Group said that in October, it detected unusual  activity in an employee’s email account. The company immediately launched an investigation, with assistance from external cyber security experts, to determine the nature and scope of the unauthorised activity, deactivated the compromised email account and notified relevant law enforcement authorities about the incident.

 

“Through the investigation, we determined that there was unauthorised access to the account for a period of time on October 9, 2024. The investigation was unable to determine which emails, if any, were viewed by the unauthorised person,” the company said.

 

The compromised data included names, dates of birth, Social Security numbers, drivers’ license numbers, financial account information, health insurance information, and clinical or treatment information.

 

From March 27, Salus Group started notifying employers and insurance carriers about the incident, but stressed that the data security incident did not impact all of its clients.

 

While Salus Group found no evidence of the compromise data being misused, it has advised all affected individuals to regularly monitor their credit reports, account and benefit statements and report any suspicious activity to law enforcement authorities, including the police and the state attorney general. 

 

The healthcare solutions provider has also offered complimentary identity protection and credit monitoring services through Kroll to all affected individuals.

 

At the time of publishing, no known hacker group claimed responsibility for the cyber attack on Salus Group. The company also did not share details on who was behind the attack, how much data was compromised, or whether it has received a ransom demand.