Re: Notice of Data Breach
WebTPA Employer Services, LLC (“WebTPA”) recently detected a data security incident impacting certain systems on our network. WebTPA acts as an administrative services provider to certain benefit plans and insurance companies whose information was impacted in this incident.
On December 28, 2023, we detected evidence of suspicious activity on the WebTPA network that prompted us to launch an investigation. Upon detecting the incident, we promptly initiated measures to mitigate the threat and further secure our network. We also launched an investigation with the support of industry leading third-party cybersecurity experts and notified federal law enforcement. The investigation concluded that the unauthorized actor may have obtained personal information between April 18 and April 23, 2023. WebTPA promptly informed benefit plans and insurance companies about the incident and the potential exposure of personal information. WebTPA then diligently worked to confirm the extent of impacted data, which we provided to benefit plans and insurance companies on March 25, 2024.
The information that was impacted may have included name, contact information, date of birth, date of death, Social Security number, and insurance information. Not every data element was present for every individual.
WebTPA is offering individuals two years of complimentary identity monitoring services through Kroll. We also deployed additional security measures and tools with the guidance of third-party cybersecurity experts to further strengthen the security of our network.
WebTPA is not aware of any misuse of benefit plan member information as a result of this incident. Financial information, such as financial account information or credit card numbers, and treatment or diagnostic information were not impacted. It is always advisable to remain vigilant against attempts at identity theft or fraud, which includes carefully reviewing credit reports and Explanations of Benefits (“EOBs”) from your benefit plans for suspicious activity. If you identify suspicious activity, you should contact the entity that maintains the information on your behalf.
WebTPA has established a dedicated call center to answer questions. If you have any questions regarding this incident, please call (866) 495-9179 Monday through Friday from 9:00 a.m. to 6:30 p.m. Eastern Time, excluding major U.S. holidays. Agentes de llamadas que hablan español pueden estar disponibles con solicitud.