One-sentence summary:
HealthPlan Services, Inc., a subsidiary of Wipro, was breached in June 2022 and is notifying over 9,000+ potential victims almost 10 months after the breach.
Who was involved?
HealthPlan Services (HPS), Inc., Wipro, 9,457 customers, and a threat actor.
What was the timeline?
June 23, 2022: Breach starts and HPS detects the breach, begins incident response
February, 28, 2023-March 21, 2023: Breached data is discovered
April 28, 2023: HealthPlan Services (HPS) begins consumer notification per the Maine OAG office
What occurred?
HealthPlan Services (HPS), Inc. suffered a data breach in June 2022, potentially breaching the following sensitive data for over 9,457 members: “individual names, dates of birth, medical and/or health insurance information, and certain Social Security numbers, financial account information, and/or identification information” (HealthPlan Services, Inc., 2023; Paluzzi, 2023; Wipro, n.d.). HPS notified a Maine resident nearly 10 months after the breach, also likely around the time they notified the other thousands of members (Paluzzi, 2023).
Estimated costs:
Incident response costs, breach notification costs, 24 months of IDX identity protection services including a $1 million insurance policy, M-F call center
Involved laws:
Federal: HIPAA and HITECH
State: Maine: 10 M.R.S.A. § 1346
Root cause:
TBA or N/A (see disclaimer)
Lessons learned:
TBA or N/A (see disclaimer)
Sources:
Abhignak (Wipro). (2021, March 25). Wipro_Primary_Logo_Color_RGB.svg. Wikipedia. https://en.wikipedia.org/wiki/Wipro#/media/File:Wipro_Primary_Logo_Color_RGB.svg
HealthPlan Services, Inc. (2023). HPS_Final_Member_letter_proof_Redacted_31968262v1.pdf. In Data Breach Notifications. Office of the Maine Attorney General. Retrieved May 5, 2023, from https://apps.web.maine.gov/online/aeviewer/ME/40/03135fd0-2c7c-408b-b52b-c93ed41fffdb/dae9cfe4-9cf6-4960-80d9-0d45c4645419/document.html
Paluzzi, D. (2023). Data Breach Notifications. In Privacy, Identity Theft and Data Security Breaches. Office of the Maine Attorney General. Retrieved May 5, 2023, from https://apps.web.maine.gov/online/aeviewer/ME/40/03135fd0-2c7c-408b-b52b-c93ed41fffdb.shtml
Wipro. (n.d.). Notice Regarding Data Security Incident – Wipro. Wipro Healthplan Services. Retrieved May 5, 2023, from https://www.wipro.com/healthplan/notice-regarding-data-security-incident/