Insurance Broker Data Breach Impacts 1.5M Individuals

January 31, 2024 - Insurance brokerage company Keenan & Associates recently notified more than 1.5 million individuals of a data breach. Keenan provides insurance and risk management solutions for schools, colleges, and healthcare organizations.

According to a breach notice provided to the Maine Attorney General’s Office, Keenan discovered disruptions on its servers on August 27, 2023. Further investigation determined that an unauthorized party had gained access to certain Keenan internal systems between August 21 and August 27 and obtained some data.

Keenan explained that it is often provided access to personal information as part of client engagement.

The unauthorized party was potentially able to obtain names, dates of birth, driver’s license numbers, Social Security numbers, health insurance information, and general health information.

Keenan offered 24 months of identity theft protection services to impacted individuals and has since implemented additional security safeguards.

North Carolina Health System Breach Impacts 132K

Columbus Regional Healthcare System filed a breach notice with the Maine Attorney General’s Office regarding a May 2023 data security incident that impacted 132,887 individuals.

Upon discovering unauthorized access to its systems, Columbus Regional Healthcare System launched an investigation and engaged cybersecurity experts to determine the scope of the incident. The investigation concluded on December 28, 2023.

The impacted data, which was removed from the health system’s network by an unauthorized party, included names in combination with Social Security numbers, financial information, and health information.

The health system stated that it was not aware of any reports of identity fraud or improper use of information as a result of the incident.

“Please accept our apologies that this incident occurred,” the notice continued. “We are committed to maintaining the privacy of personal information in our possession and have taken many precautions to safeguard it. We continually evaluate and modify our practices and internal controls to enhance the security and privacy of your personal information.”

569K Impacted by Plaza Radiology Breach

Plaza Radiology, which does business under the name Chattanooga Imaging, notified 569,022 individuals of a data breach that occurred in October 2023. The practice serves patients at seven locations in Tennessee and North Georgia.

Plaza fell victim to a cyber incident on October 21, 2023 and immediately engaged a cybersecurity firm to conduct an investigation. The results of the investigation are still being analyzed, but Plaza wanted to notify patients of potential access to their sensitive information.

So far, the investigation had revealed that an unauthorized party had accessed a small number of files.

“The investigation just concluded; however, the types of information involved is currently being analyzed,” the notice stated. “If sensitive information is found to have been potentially compromised, a formal notice letter will be sent to those who have had their sensitive information impacted, and the letter will identify the types of information involved.”

Since the incident, Plaza has changed passwords, replaced multiple computers and servers, increased training, and enabled multifactor authentication.