Healthcare management firm Regional Care said hackers stole the data of 225,000 individuals

Scottsbluff, Nebraska-based healthcare management company Regional Care said it experienced a cyber security incident in September that compromised the sensitive personal information of more than 225,000 individuals.

 

Regional Care, Inc. is a healthcare management company that partners with employers to provide customized health plan solutions to workers. The organisation focuses on delivering third-party administrative (TPA) services, including claims processing, health plan design, cost management, and employee benefits administration.

 

In a data security incident notice posted on its website, RCI said that September 18, it identified suspicious activity in its internal network and quickly launched an investigation, with assistance from external cyber security experts, to determine the nature and scope of the incident.

 

The investigation revealed that an unauthorised third party accessed and acquired a limited number of files from the company’s internal network. The compromised data included full names, dates of birth, Social Security numbers, medical information and health insurance information.

 

In a filing with the Office of the Maine Attorney General, RCI said that it has identified at least 225,728 individuals whose data was accessed during the incident.

 

“Upon discovery, we immediately shut down the account, contained the incident and commenced an immediate and thorough investigation,” RCI said. “RCI is committed to maintaining the privacy of personal information in our possession and has taken many precautions to safeguard it. RCI continually evaluates and modifies its practices and internal controls to enhance the security and privacy of your personal information.

 

The company has advised all affected individuals to regularly monitor their credit reports, account and benefit statements and report any suspicious activity to law enforcement authorities. It has also offered one year of complimentary identity protection and credit monitoring services through Equifax Credit Watch Gold to all affected individuals.

 

At the time of publishing, no known ransomware group has claimed responsibility for the cyber attack on RCI. The company also did not share details on who is behind the cyber attack or how the threat actors infiltrated its internal network.