The personal information of over 16,000 Vermont health insurance customers was compromised in a cyberattack, a number more than twice the initial report. Primarily affecting members of Vermont Blue Advantage, the breach also impacted individuals with Aetna ACE and UAW Retiree Medical Benefits Trust plans. The incident, linked to an IT management software company named Fortra LLC, exposed details like names, dates of birth, addresses, medical and insurance information, and, for 5% of those affected, bank information. The breach, discovered in January, became known through a VTDigger inquiry, raising concerns about the extent of the incident within the state.
Following the data breach on January 30, involving Fortra LLC, the state Attorney General’s Office revealed that over 14,000 Vermont residents were affected. The breach primarily involved retired Vermont teachers who were members of Vermont Blue Advantage, but it also affected other plan holders. Blue Cross Blue Shield of Vermont reported that nearly 2,250 individuals, who were members of Vermont Blue Advantage but lived out of state, were also impacted. The company assured that despite the severity of the breach, no Social Security numbers or credit card numbers were compromised.
Vermont Blue Advantage, the target of this cyberattack, manages over $5 billion in funds and serves around 6,000 private individuals. The breach involved an IT management software company, Fortra LLC, which facilitated file exchanges with Vermont Blue Advantage’s supplemental benefits administrator, NationsBenefits. The incident came to light when an employee reported being locked out of their email account, and subsequent investigations revealed the extent of the compromise. Blue Cross Blue Shield of Vermont and NationsBenefits are actively collaborating with authorities to address the aftermath of the breach and provide necessary support to affected individuals.
