International Paper Company Group Health and Welfare Plan (the “IP Plan”)
Your Personal Info Could Be
Exposed Online After
This Hospital Breach
Breach Description
The International Paper Company Group Health and Welfare Plan (IP Plan), based in Memphis, Tennessee, experienced a data breach that was reported on November 14, 2023. The breach involved unauthorized access to a network server, which resulted in the exposure of sensitive personal information of 78,692 plan members[1]. The specific types of data that were compromised have not been detailed in the IP Plan’s filing with the U.S. Department of Health and Human Services Office for Civil Rights, but affected individuals were sent data breach notification letters that should list the compromised information[1].
The IP Plan provides retirement, death, and disability benefits to eligible employees of the International Paper Company, which employs over 39,000 people and generates approximately $21 billion in annual revenue[1]. The breach was classified as a “Hacking / IT incident” and it is not clear whether the breach was a direct attack on the IP Plan or if it involved one of the Plan’s third-party vendors[1].
Affected individuals were advised to understand the risks and take steps to protect themselves from potential fraud or identity theft. They were also informed about their legal options following the breach[1]. The International Paper Company Group Health and Welfare Plan began its investigation by reviewing the compromised files to determine the extent of the information leaked and which consumers were impacted[1].
The incident is a reminder of the importance of robust cybersecurity measures and the potential legal and financial repercussions that can follow a data breach. It also highlights the need for companies to have incident response plans in place to quickly address such breaches and mitigate their impact[1].
Citations:
- https://www.jdsupra.com/legalnews/international-paper-company-group-4423115/
- https://newschannel9.com/news/local/thousand-impacted-by-data-breach-with-tennessee-consolidated-retirement-system
- https://www.jdsupra.com/legalnews/prospect-medical-holdings-announces-6511400/
- https://www.myinjuryattorney.com/data-breach-investigation-international-paper-company-group-health-and-welfare-plan/
- https://clarksvillenow.com/local/the-biggest-health-care-data-breaches-you-should-know-about-in-tennessee/
- https://www.ftc.gov/business-guidance/resources/data-breach-response-guide-business
- https://oag.ca.gov/system/files/Welltok-International%20Paper%20Consumer%20Letter.pdf
- https://www.idstrong.com/sentinel/tennessee-employees-lose-their-data/
- https://studentprivacy.ed.gov/sites/default/files/resource_document/file/checklist_data_breach_response_092012_0.pdf
- https://www.hipaajournal.com/welltok-data-breach/
- https://www.wbir.com/article/news/local/security-breach-tennessee-retirement-system/51-f9b4e81b-ccea-46d7-9ea1-be24ef4fe28b
- https://www.securitymetrics.com/blog/6-phases-incident-response-plan
- https://www.mass.gov/doc/assigned-data-breach-number-31042-international-paper-company-11-29-23/download
- https://www.benefitspro.com/2023/10/24/the-moveit-data-breach-a-wake-up-call-for-retirement-plan-sponsors/?slreturn=20240017152104
- https://www.hipaajournal.com/november-2023-healthcare-data-breach-report/
- https://nvlpubs.nist.gov/nistpubs/specialpublications/nist.sp.800-61r2.pdf
- https://consumer.sc.gov/identity-theft-unit/security-breach-notices
- https://www.techtarget.com/searchsecurity/feature/How-to-develop-a-data-breach-response-plan-5-steps
- https://ocrportal.hhs.gov/ocr/breach/breach_report.jsf
- https://www.strongdm.com/blog/writing-your-security-incident-response-policy