• 5
  • Hospitals
  • 5
  • TN
  • 5
  • International Paper Company Group Health and Welfare Plan (the “IP Plan”)

International Paper Company Group Health and Welfare Plan (the “IP Plan”)

Your Personal Info Could Be

Exposed Online After

This Hospital Breach

Breach Description

The International Paper Company Group Health and Welfare Plan (IP Plan), based in Memphis, Tennessee, experienced a data breach that was reported on November 14, 2023. The breach involved unauthorized access to a network server, which resulted in the exposure of sensitive personal information of 78,692 plan members[1]. The specific types of data that were compromised have not been detailed in the IP Plan’s filing with the U.S. Department of Health and Human Services Office for Civil Rights, but affected individuals were sent data breach notification letters that should list the compromised information[1].

The IP Plan provides retirement, death, and disability benefits to eligible employees of the International Paper Company, which employs over 39,000 people and generates approximately $21 billion in annual revenue[1]. The breach was classified as a “Hacking / IT incident” and it is not clear whether the breach was a direct attack on the IP Plan or if it involved one of the Plan’s third-party vendors[1].

Affected individuals were advised to understand the risks and take steps to protect themselves from potential fraud or identity theft. They were also informed about their legal options following the breach[1]. The International Paper Company Group Health and Welfare Plan began its investigation by reviewing the compromised files to determine the extent of the information leaked and which consumers were impacted[1].

The incident is a reminder of the importance of robust cybersecurity measures and the potential legal and financial repercussions that can follow a data breach. It also highlights the need for companies to have incident response plans in place to quickly address such breaches and mitigate their impact[1].

Citations:

  1. https://www.jdsupra.com/legalnews/international-paper-company-group-4423115/
  2. https://newschannel9.com/news/local/thousand-impacted-by-data-breach-with-tennessee-consolidated-retirement-system
  3. https://www.jdsupra.com/legalnews/prospect-medical-holdings-announces-6511400/
  4. https://www.myinjuryattorney.com/data-breach-investigation-international-paper-company-group-health-and-welfare-plan/
  5. https://clarksvillenow.com/local/the-biggest-health-care-data-breaches-you-should-know-about-in-tennessee/
  6. https://www.ftc.gov/business-guidance/resources/data-breach-response-guide-business
  7. https://oag.ca.gov/system/files/Welltok-International%20Paper%20Consumer%20Letter.pdf
  8. https://www.idstrong.com/sentinel/tennessee-employees-lose-their-data/
  9. https://studentprivacy.ed.gov/sites/default/files/resource_document/file/checklist_data_breach_response_092012_0.pdf
  10. https://www.hipaajournal.com/welltok-data-breach/
  11. https://www.wbir.com/article/news/local/security-breach-tennessee-retirement-system/51-f9b4e81b-ccea-46d7-9ea1-be24ef4fe28b
  12. https://www.securitymetrics.com/blog/6-phases-incident-response-plan
  13. https://www.mass.gov/doc/assigned-data-breach-number-31042-international-paper-company-11-29-23/download
  14. https://www.benefitspro.com/2023/10/24/the-moveit-data-breach-a-wake-up-call-for-retirement-plan-sponsors/?slreturn=20240017152104
  15. https://www.hipaajournal.com/november-2023-healthcare-data-breach-report/
  16. https://nvlpubs.nist.gov/nistpubs/specialpublications/nist.sp.800-61r2.pdf
  17. https://consumer.sc.gov/identity-theft-unit/security-breach-notices
  18. https://www.techtarget.com/searchsecurity/feature/How-to-develop-a-data-breach-response-plan-5-steps
  19. https://ocrportal.hhs.gov/ocr/breach/breach_report.jsf
  20. https://www.strongdm.com/blog/writing-your-security-incident-response-policy
Breach Submission Date Nov 14, 2023
Converted Entity Name International Paper Company Group Health and Welfare Plan (the "IP Plan")
Converted Entity Type Health Plan
State TN
Individuals Affected 78,692
Breach Type Hacking/IT Incident

Breach Information Location Network Server

Business Associate Present Yes