STAMFORD, Conn., May 8, 2023 /PRNewswire/ -- Silver Golub & Teitell LLP (SGT), a leading plaintiffs' class action law firm based in Connecticut, is currently investigating potential claims against NationsBenefits Holdings, LLC, ("NationsBenefits"), Fortra, LLC ("Fortra") and Aetna Inc. ("Aetna") following a data breach that exposed the sensitive personal information of over 3 million health plan members (the "Data Breach"). NationsBenefits is a provider of supplemental benefits, flex cards, and member engagement solutions to health plans and managed care organizations. NationsBenefits uses software provided by Fortra to transfer sensitive policyholder information to health insurer Aetna.

The information exposed includes victims' names, addresses, account id numbers, and social security numbers,

On April 27, 2023, NationsBenefits began mailing notification letters to Data Breach victims informing them that their sensitive personal information, now confirmed to include their name, address, health care account id numbers, and social security numbers, was compromised in a data breach that occurred on Fortra's systems.

The Data Breach occurred after a ransomware group targeted NationsBenefits via third-party vendor Fortra's GoAnywhere MFT file transfer software on January 30, 2023. The group exploited a previously unknown (zero-day) vulnerability in Fortra's software to access and exfiltrate data victims' personal information. The compromised information includes first and last names, addresses, phone numbers, dates of birth, genders, health plan subscriber ID numbers, Social Security numbers, and/or Medicare numbers of health plan members from Aetna, Elevance Health Flexible Benefit Plan, UAW Retiree Medical Benefits Trust, and others.

While other healthcare organizations were also affected, NationsBenefits is currently the worst affected, with more than 3,037,303 individuals impacted by the breach. In total, over 4 million individuals had their protected health information stolen in these attacks. NationsBenefits has since strengthened its security measures, taken its MFT servers permanently offline, and transitioned to an alternative file transfer solution.

