Benefit Administrative Systems, LLC (BAS)
Your Personal Info Could Be
Exposed Online After
This Hospital Breach
Breach Description
Benefit Administrative Systems, LLC (BAS), based in Illinois, experienced a data breach that resulted in unauthorized access to personal and medically identifying information (PII and MII). The breach was detected by the company’s network monitoring systems, which alerted them to unauthorized access by individuals. A forensic investigation was initiated with the help of outside cybersecurity experts to analyze the scope of the incident. On November 1, 2022, it was confirmed that there had been an exfiltration of PII by unauthorized individuals[1].
The information accessed included full names, email addresses, health insurance group numbers, and health insurance member numbers. BAS assured that no social security numbers, passwords, dates of birth, addresses, phone numbers, financial account information, or medical/claim information were contained in the exfiltrated file[1][4].
BAS responded to the breach by sending notices to the victims and submitting a copy of this notice to the California Attorney General’s Office. They stated that they had no reason to believe that any personal information had been misused but notified customers out of an abundance of caution[1][4].
The potential risks from the stolen information include medical identity theft and insurance fraud, as well as the possibility of phishing attacks. To mitigate the aftermath of the breach, BAS recommended that affected individuals take advantage of complimentary identity protection services and remain vigilant by monitoring their accounts and credit reports[1].
For more detailed information, individuals can refer to the sample breach letter provided by BAS, which outlines the steps the company has taken to address the incident and the recommendations for affected parties to protect their information[4].
The breach at BAS is a reminder of the importance of cybersecurity measures and the potential consequences of such incidents. It also highlights the obligations of companies to notify affected individuals and take steps to prevent future breaches, as outlined in state data breach notification laws[2][5].
Citations:
- https://www.idstrong.com/sentinel/benefit-administrative-systems-data-breach/
- https://www.itgovernanceusa.com/data-breach-notification-laws
- https://www.jurist.org/news/2023/11/sri-lanka-supreme-court-rules-government-officials-breached-public-trust-in-management-of-the-economy/
- https://oag.ca.gov/system/files/BAS_sample_breach_letter.pdf
- https://www.perkinscoie.com/en/news-insights/security-breach-notification-chart-illinois.html
- https://wehotimes.com/lasd-seeks-help-in-locating-missing-person-jack-basil-cooper-last-seen-in-west-hollywood/
- https://www.edwardtechnology.com/post/homewood-il-benefit-administrative-systems-leaks-data-of-over-6-000-patients
- https://www.ptb.illinois.gov
- https://news.sky.com/story/bas-uk-staff-exposed-to-global-data-theft-spree-12896900
- https://archive.org/details/cadoj_benefit-administrative-systems–llc_sb24-562401
- https://www.g2.com/categories/breach-and-attack-simulation-bas
- https://hellocare.com.au/st-basils-adjourns-hearing-allegations-of-nine-health-and-safety-breaches/
- https://www.basusa.com/blog/annual-breach-notification-report
- https://ocrportal.hhs.gov/ocr/breach/breach_report.jsf
- https://www.theguardian.com/australia-news/2024/jan/26/perth-lord-mayor-basil-zempilas-parliament-run-wa-liberal-party
- https://www.baslimited.com
- https://www.ilga.gov/legislation/ilcs/ilcs3.asp?ActID=2702&ChapterID=67
- https://www.wusa9.com/article/news/crime/man-arrested-another-wanted-for-armed-robbery-attempted-carjacking-in-northeast-dc/65-d46bea02-6b0d-46eb-af13-086df1b40fc2
- https://www.mondaq.com/unitedstates/employee-benefits-compensation/1261222/cybersecurity-breach-suits-raise-questions-about-liability-for-benefits-plans
- https://www.gartner.com/reviews/market/breach-and-attack-simulation-bas-tools
- https://www.portnews.com.au/story/8512559/st-basils-aged-care-home-covid-court-case-delayed/
- https://www.jdsupra.com/legalnews/benefit-plan-administrators-inc-3941545/
- https://llcbuddy.com/data/breach-and-attack-simulation-bas-statistics/
- https://www.businessdailyafrica.com/bd/news/mama-ngina-basil-criticos-sue-state-over-1-062-land-title-4472144