Humana Inc. is a health insurance company based in Kentucky. The for-profit company oversees approximately 17.1 million patients and provides Medicare solutions and drug plans for qualified individuals. A recent data breach may have put all this data at risk.
According to the report filed with the Maine Attorney General’s Office, the data breach occurred following an external system breach. The assailants could access Humana member information by exploiting an unknown third party connected to ECHO Health, a provider payment processing subcontractor.
On August 9th, 2023, ECHO Health noticed suspicious activity on their website and immediately took down the application. They launched a comprehensive investigation and deployed new tactical standards and safeguards for all their applications. On October 3rd, Humana was notified of the breach and began notifying the state generals. Humana will notify impacted members of the data breach on November 3rd.
This breach impacts Human members, although the extent of the breach is still unknown. The Maine breach filing suggests over 2,000 people may feel impacts following the cyber event. Although little is public about the breach, Humana members are encouraged to take preventative actions.
The exact number of impacted files is unknown currently; the threat actors may have more than what Humana reports, or they may have been targeting something other than member data. Regardless of the threat actors’ goals, Humana members should consider hiring medical record monitoring services as soon as possible.