Bay Bridge Administrators, LLC

Bay Bridge Administrators, LLC (BBA), based in Austin, Texas, experienced a significant data breach that was first identified on September 5, 2022, following a network disruption. The breach was a result of unauthorized access by an unknown actor who infiltrated the BBA network on or before August 25, 2022, and subsequently extracted certain data on or about September 3, 2022[1][2][7]. This incident compromised the personal and protected health information (PHI) of individuals enrolled in employment insurance benefits administered by BBA for the calendar year 2022. The compromised data included names, addresses, Social Security numbers, driver’s license or state identification card numbers, medical information, health insurance information, and dates of birth[1][2].

BBA, a third-party administrator of insurance products, works with major insurance carriers and employers to manage various insurance plans. The company’s investigation, conducted with the help of a cybersecurity firm, confirmed that the breach involved sensitive personal and health information shared with BBA by individuals, their employers, or their insurance carriers[1][2][3]. Despite the breach, BBA has stated that there is no evidence to suggest the misused information[1][2].

In response to the breach, BBA began notifying potentially impacted individuals on December 29, 2022, offering them 24 months of complimentary credit monitoring and identity protection services through IDX. They also established a toll-free call center to address concerns related to the incident[1][2]. The breach has affected over 251,000 individuals, making it a significant data security incident within the healthcare and insurance sectors[7][12].

The breach has led to a proposed class action lawsuit against BBA, alleging that the breach was a direct result of the company’s inadequate cybersecurity measures. The lawsuit claims that BBA failed to protect consumers’ personal data, which was stored unencrypted and in a vulnerable condition on its computer systems. It also criticizes the company for the delayed notification to the victims, arguing that BBA should have been more proactive in its response given the sensitive nature of the information it handles[5].

This incident underscores the growing concern over data security within the healthcare and insurance industries, highlighting the need for robust cybersecurity measures to protect sensitive personal and health information from unauthorized access and potential misuse.

Citations:

1. https://www.prnewswire.com/news-releases/bay-bridge-administrators-llc-notifies-individuals-of-data-breach-301718118.html
2. https://www.darkreading.com/cyberattacks-data-breaches/bay-bridge-administrators-llc-notifies-individuals-of-data-breach
3. https://www.jdsupra.com/legalnews/bay-bridge-administrators-llc-reports-6185667/
4. https://kvia.com/news/texas/stacker-texas/2023/08/03/the-biggest-health-care-data-breaches-you-should-know-about-in-texas/
5. https://www.classaction.org/news/2022-data-breach-ignites-class-action-lawsuit-against-bay-bridge-administrators
6. https://www.scmagazine.com/analysis/third-party-administrator-hack-leads-to-theft-of-patient-data-for-over-251k
7. https://www.scmagazine.com/brief/bay-bridge-administrators-data-breach-hits-more-than-251k-individuals
8. https://www.osha.gov/construction/engineering
9. https://www.msdlegal.com/blog/2023/01/bay-bridge-administrators-llc-data-breach-lawsuit-class-action-investigation/
10. https://www.doj.nh.gov/consumer/security-breaches/documents/bay-bridge-administrators-20221229.pdf
11. https://www.myinjuryattorney.com/data-breach-at-bay-bridge-administrators-llc/
12. https://www.securityweek.com/251k-impacted-data-breach-insurance-firm-bay-bridge-administrators/