A Louisiana-based claims administration firm was hit with a data breach that impacted 22,300 people and exposed a wide range of private information.
Risk Management Services LLC is a third-party administrator for self-insured funds/groups and self-insured employers that aims to “provide precise, timely, and reasonable indemnity and medical benefits to employees injured on the job.”
-->The firm notified the Office of the Maine Attorney General this week that it had been hacked by an external actor back in February.
“An unauthorized individual gained access to our systems via a remote connection. This occurred due to a subcontractor’s failure to follow established security protocols. We immediately contained the breach and launched a thorough investigation. This issue has since been resolved.”
In a notification sent to victims of the breach last week, Risk Management Services notes that possible stolen information includes names, residential addresses, Social Security numbers, dates of birth and medical records.
The firm says no financial account, credit card or debit card information was involved.
“We take the privacy and security of your information very seriously. In response to this incident, we have:
• Engaged cybersecurity experts to investigate and secure our systems.
• Assessed the scope of unauthorized access.
• Notified appropriate regulatory agencies, including the FBI.
• Implemented additional safeguards to prevent future incidents.”
Risk Management Services says it’s offering 12 months of identity theft and credit monitoring services to impacted victims.
