GuideWell subsidiary WebTPA, a health benefits administrator, has started notifying more than 2.4 million members about a data breach that occurred in April 2023, The HIPAA Journal reported May 20.
The breach was first detected on December 28, and WebTPA determined that members' information was potentially obtained between April 18 and April 23, 2023.
The compromised data included contact information, birthdays, date of death, Social Security numbers, and benefits information. Financial and health information were not compromised, according to the report.
Customers were notified about WebTPA's investigation on March 25, and the breach was reported to HHS’ Office for Civil Rights May 8. The company said it is unaware of misuse of member information, and affected members were offered two years of credit monitoring and identity theft services.
In May, Oakland, Calif.-based Kaiser Foundation Health Plan began notifying 13.4 million current and former patients that it shared information with third-party advertisers. Optum's Change Healthcare was breached in February, but it is unconfirmed how many individuals were affected.
GuideWell is also the parent company of Florida Blue.