SGT is investigating a data breach recently disclosed by NationsBenefits Holdings, LLC, (“NationsBenefits”), Fortra, LLC (“Fortra”) and Aetna Inc. (“Aetna”) for potential claims on behalf of those whose information was compromised.
NationsBenefits is a provider of supplemental benefits, flex cards, and member engagement solutions to health plans and managed care organizations. NationsBenefits uses software provided by Fortra to transfer sensitive policyholder information to health insurer Aetna. According to reporting and victim notification letters sent out by NationsBenefits, on or around January 30, 2023, a data breach suffered by Fortra exposed the sensitive personal information of over 3 million Aetna health plan members.
On April 27, 2023, NationsBenefits began mailing notification letters to Data Breach victims informing them that their sensitive personal information, now confirmed to include their name, address, health care account id numbers, and social security numbers, was compromised in a data breach that occurred on Fortra’s systems.
The Data Breach occurred after a ransomware group targeted NationsBenefits via third-party vendor Fortra's GoAnywhere MFT file transfer software on January 30, 2023. The group exploited a previously unknown (zero-day) vulnerability in Fortra’s software to access and exfiltrate data victims’ personal information. The compromised information includes first and last names, addresses, phone numbers, dates of birth, genders, health plan subscriber ID numbers, Social Security numbers, and/or Medicare numbers of health plan members from Aetna, Elevance Health Flexible Benefit Plan, UAW Retiree Medical Benefits Trust, and others.
While other healthcare organizations were also affected, NationsBenefits is currently the worst affected, with more than 3,037,303 individuals impacted by the breach. In total, over 4 million individuals had their protected health information stolen in these attacks. NationsBenefits has since strengthened its security measures, taken its MFT servers permanently offline, and transitioned to an alternative file transfer solution.
SGT believes NationsBenefits Data Breach victims may have claims against NationsBenefits, Aetna, and/or Fortra, as they are now at an increased risk of identity theft or other identity fraud-related crimes. If you have received a notification from NationsBenefits regarding the exposure of your information and would like to learn more about your rights, contact SGT Partner Ian W. Sloss at email@example.com or Associate Attorney Brett Burgs at firstname.lastname@example.org or call our office at (203) 325-4491.