Cyber Threat Radar – A data breach involving Young Consulting may have jeopardized the medical insurance information of over 950,000 individuals.
A data breach resulting from a ransomware attack has potentially compromised the medical insurance information of over 950,000 individuals. This incident occurred at Young Consulting, a software firm located in Atlanta that specializes in providing integrated software solutions for the administration (underwriting, marketing, and management) of medical stop-loss insurance.
Data Breach Notice Submitted By Young Consulting
A breach notice submitted to the Maine Attorney General’s office indicates that Young Consulting encountered technical issues in its computer systems on April 13, 2024. The subsequent investigation revealed that an unauthorized actor had access to Young Consulting’s network from April 10 to April 13 and downloaded copies of specific files.
The data compromised in the breach varied by individual and included:
- Names
- Date of Birth
- Social Security Number
- Insurance Policy Information
- Claim Details
Blue Shield of California also informed patients about the Young Consulting breach and advised those affected to consult Young Consulting’s breach notice for further information.
“We immediately took certain systems offline to contain the incident and launched an investigation, with the assistance of a cybersecurity forensics firm, to determine the nature and scope of the event. The investigation determined that an unauthorized actor gained access to Young Consulting’s network between April 10th, 2024, and April 13th, 2024, and downloaded copies of certain files,” stated Young Consulting’s breach notice.
BlackSuit Ransomware Group Targeting Healthcare Sector
The BlackSuit ransomware group has taken responsibility for the ransomware attack that led to this significant data breach. In November 2023, the HHS Health Sector Cybersecurity Coordination Center (HC3) released an analyst note concerning BlackSuit, cautioning that BlackSuit “is expected to pose a credible threat” to the healthcare industry.
CISA (Cybersecurity and Infrastructure Security Agency) states that BlackSuit is a rebranded version of Royal, which was previously employed against the healthcare sector in 2022 and 2023. In its updated alert from August 2024, CISA highlighted that BlackSuit exhibits many coding similarities to Royal and has shown enhanced capabilities.
CISA urged cybersecurity professionals to focus on addressing known vulnerabilities, implement multifactor authentication, and educate users on identifying and reporting phishing attempts. Young Consulting reported that it promptly acted to secure its systems upon learning of the incident and recommended that those affected utilize free credit monitoring and identity theft recovery services.
SentryBay’s Armored Client Deployed By Healthcare Providers
“Earlier this year, the FBI issued a warning regarding the swift proliferation of BlackSuit ransomware across multiple critical infrastructure sectors, with ransom demands reaching up to $60 million from affected organizations,” said Liam Davenport, Global Cybersecurity Account Director, SentryBay. “The Cyber Defense Research Team concur with CISA that BlackSuit ransomware is a rebranding of the notorious Royal ransomware group, exhibiting many coding similarities. SentryBay’s Armored Client is deployed by several healthcare providers to neutralize credential theft and data leakage threats securing all major VDI, DaaS and Web environments, client types and operating systems. Leading preventative controls secure all data from keylogging, screen capture, token theft and malicious injection threats on the endpoint.”