TTEC Healthcare Solutions

TTEC Healthcare Solutions, Inc. (“TTEC”) experienced a cyber incident that involved unauthorized access to data files stored on TTEC’s systems between March 4, 2021, and September 12, 2021[1]. The breach was part of a ransomware attack that affected TTEC’s operations, including customer support and sales online and over the phone[2]. TTEC is a company that provides customer support and other services to various clients, including healthcare organizations.

During the incident, an unauthorized actor viewed or downloaded data files, which included personal information such as names, addresses, dates of birth, and Medicare ID numbers[1]. TTEC took immediate measures to contain the incident, including engaging cybersecurity firms, notifying law enforcement, and working to support the investigation. The forensic investigation is now complete, and TTEC has been working with law enforcement authorities, including the FBI[1].

As a result of the breach, TTEC and Health Net faced a class action lawsuit, which they agreed to settle for $2.5 million. The settlement benefits consumers whose protected health information and/or personal identifying information was stored by TTEC and affected by the breach. Under the terms of the settlement, class members could receive a basic payment of $100, with California subclass members eligible for an additional $100. Those who experienced data breach-related losses or expenses could seek up to $5,000 in additional reimbursement[10].

The New York State Department of Financial Services (DFS) also issued a consent order against TTEC Healthcare Solutions, Inc., for improperly certifying compliance with the Cybersecurity Regulation for the 2020 calendar year. The consent order detailed the ransomware attack and the exfiltration of data, including nonpublic information (NPI) of employees and insureds, and acknowledged TTEC HS’s cooperation throughout the investigation[8].

Affected individuals were advised to take steps to protect their information, such as reviewing account statements, placing a fraud alert or security freeze on their credit files, and contacting the Federal Trade Commission for information on how to prevent or avoid identity theft[1].

Citations:

1. https://www.sunshinehealth.com/newsroom/vendor-ttec-healthcare-solutions-cyber-incident.html
2. https://krebsonsecurity.com/2021/09/customer-care-giant-ttec-hit-by-ransomware/
3. https://www.ttecjobs.com/en/customer-service
4. https://www.bcbsil.com/company-info/stay-informed/alerts-announcements/9-5-23-ttec-data-incident.html
5. https://krebsonsecurity.com
6. https://www.justice4you.com/blog/health-net-and-ttec-data-breach.html
7. https://www.utfinancial.org
8. https://www.dfs.ny.gov/system/files/documents/2022/12/ea20221202_ttec_hs.pdf
9. https://www.payactiv.com
10. https://topclassactions.com/lawsuit-settlements/closed-settlements/ttec-health-net-data-breach-2-5m-class-action-settlement/
11. https://www.sentinelone.com
12. https://www.thelyonfirm.com/class-action/data-breach/ttec/
13. https://www.bbc.com/innovation
14. https://news.bloomberglaw.com/litigation/ttec-services-to-pay-2-5-million-to-settle-data-breach-suit
15. https://www.pingidentity.com/en.html
16. https://www.jdsupra.com/legalnews/blue-cross-blue-shield-of-illinois-2507607/
17. https://www.tmf-group.com