The company, which provides software for medical organizations, recently faced a large ransomware attack.
Young Consulting, also known as Connexure, is a software solutions organization that provides software for medical stop-loss insurance organizations. Young Consulting is based out of Atlanta, Georgia, but serves clients all over the United States.
The organization helps with marketing, underwriting, and the administering of medical stop-loss insurance for carriers, brokers, and third-party administrators.
Stop loss insurance, sometimes called excess insurance, is designed to protect self-funded employers from unexpected or high costs incurred by their employees for medical expenses.
Young Consulting works with a variety of health insurance plans, but this incident appeared to impact only members of Blue Shield of California, a mutual benefit corporation and health plan. Young Consulting is providing breach notices on behalf of Blue Shield.
According to Young Consulting’s breach notice on its website, the company initially experienced a data breach in the spring of 2024.
Through an investigation, Young Consulting determined that a breach had occurred between April 10th, 2024, and April 13th, 2024. The breach was noticed on April 13th, when the company began experiencing technical difficulties in their computer environment.
As soon as the breach was discovered, the company said they “immediately took certain systems offline to contain the incident and launched an investigation, with the assistance of a cybersecurity forensics firm, to determine the nature and scope of the event.”
Young Consulting has said their investigation continues, but the organization has determined that individuals who use Blue Shield of California were most heavily impacted.
Individuals with insurance through Blue Shield may have had their names, Social Security numbers, dates of birth, and insurance policy/claim information stolen.
On June 28th, 2024, Young Consulting alerted Blue Shield to the breach and worked with the insurance provider to identify the appropriate contact information of the victims. Notice letters were mailed out beginning August 26th.
The company also filed a notice of the incident to the Maine Attorney General. While Blue Shield of California was the primarily impacted organization, individuals resided in various states.
The notice showed that the breach impacted 954,177 individuals. It’s unclear where the majority of victims reside, but 847 were Maine residents.
Young Consulting is providing impacted individuals with one year of credit monitoring through TransUnion. The company said, “As part of its ongoing commitment to the privacy of information in its care, Young Consulting is reviewing its policies, procedures, and processes related to the storage and access of sensitive information to prevent a similar incident from occurring in the future.”
Recent reports suggest that the BlackSuit ransomware gang may have been responsible for the attack. The group allegedly emerged in early April/May of 2023 and may be based in Eastern Europe. They use similar tactics as another ransomware group, Royal, and could be a rebrand or include former members.
According to the Cybersecurity and Infrastructure Security Agency (CISA), the organization uses exfiltration and extortion tactics and publishes victim data to a leak site if a ransom is not paid. Most successful BlackSuit attacks have been the result of phishing emails. Once in the victim’s network, BlackSuit is known to disable antivirus software and steal data. The organization usually demands ransoms between $1 million and $10 million.
Soon after the breach, BlackSuit claimed the attack on their website page. Although Young Consulting listed certain, specific information as accessed, BlackSuit claimed to have additional stolen data, including business data (contracts, contacts, etc), employee data (passports, contracts, family details, etc), financial data (audits, reports, etc), and additional data from shares and personal folders.
BlackSuit posted two links that allegedly led to the data. The organization also posted a cryptic message, stating, “Top management completely refused to negotiate, thinking that we are bluffing…Business partners and employees–REMEMBER, Young Consulting management does not care about you or your personal information.”
For organizations impacted by ransomware attacks, we’ve begun to see similar outcomes. Often, healthcare companies will go on to face class action lawsuits that can have devastating financial and reputational impacts. Several firms have already begun investigating the attack on Young Consulting to determine if negligence may have resulted in the breach.
Generally, most healthcare organizations, or their business associates, tend to settle class action lawsuits instead of taking them to trial, which can be costly and even more detrimental.
With more ransomware organizations emerging, it can be difficult for healthcare companies to stay on top of cybersecurity trends. Despite the challenge, it’s a necessity; data breaches can cause significant harm to impacted individuals, including identity theft and fraud. While some organizations have resorted to paying or negotiating with ransomware gangs, this strategy is not advisable, as it can make an organization prone to an attack in the future and doesn’t guarantee data won’t be sold.
For Young Consulting, the attack is likely a wake-up call on the importance of cybersecurity. For the companies Young Consulting works with, like Blue Shield, it’s a reminder that an organization is only as safe as their business associates.
Unfortunately, recent data shows breaches are increasing and often target organizations responsible for healthcare data, which is highly valuable on the dark web. Despite the threat, a shortage of cybersecurity experts leaves institutions vulnerable and ill-prepared.
But Cloudticity can help. As a HITRUST certified organization with over 10 years as a leader in managed security for healthcare, we’ve never suffered a data breach and have kept organizations secure despite the evolving threat landscape. We use a proven security tech stack with the best cybersecurity experts, ensuring your data is safe and any vulnerabilities are promptly addressed.
While attacks, and the associated costs, are rising, Cloudticity helps organizations focus their resources on serving patients instead of security concerns.
If you want to learn more about how we can help protect your organization from ransomware, reach out for a free consultation today.