Thousands of US military beneficiaries have data breached following TRICARE cyberattack — DoD Benefits Numbers and some Social Security numbers leaked

Security News

Thousands of US military beneficiaries have data breached following TRICARE cyberattack — DoD Benefits Numbers and some Social Security numbers leaked

Credit: The original article is published here.
  • TriWest Healthcare confirmed an April 16 breach in which an attacker accessed and downloaded sensitive data tied to 12,000 TRICARE beneficiaries
  • Stolen information includes names, DoD Benefits numbers, ZIP codes, authorization request types, and in some cases SSNs, addresses, and dates of birth
  • TriWest says it acted immediately to contain the intrusion and notify affected individuals; no group has claimed responsibility and stolen data has not surfaced online

US healthcare services company TriWest Healthcare networks recently suffered a cyberattack in which it lost sensitive customer data belonging to thousands of its clients’ users.

TriWest is a private company that manages government healthcare programs, primarily on behalf of the US Department of Defense (DoD) and the Department of Veterans Affairs (VA). One of its clients is TRICARE, a DoD healthcare program for active-duty service members, National Guard and Reserve members, military retirees, and their families.

According to Cybernews, TriWest recently started notifying TRICARE customers that an “unauthorized person” accessed its network on April 16 and “downloaded some TriWest information.” Citing data provided to the California State Attorney General’s Office, the publication says 12,000 TRICARE beneficiaries were recently notified of the breach.

Sounding the alarm

In a statement shared with Military Times, TriWest explained what it did the moment it spotted the intrusion: “With regard to timing, as soon as the incident was discovered, TriWest took immediate action to prevent any further unauthorized activity and worked diligently with the government to notify affected individuals, consistent with applicable law and notification timelines,” TriWest officials said.

The details about the incident, the nature of the attack, or the identity of the attackers, were not disclosed. We do know that the miscreants walked away with people’s names, DoD Benefits numbers, ZIP codes, types of authorization requests and, in some cases, Social Security numbers (SSN), postal addresses, and dates of birth.

At press time, the TriWest website, as well as the company’s newsroom, were offline. It is unclear if there is any connection to the data breach. So far, no threat actors claimed responsibility for the attack, and the data is yet to surface on the dark web.

In the meantime, TRICARE beneficiaries are warned to be wary of incoming emails, especially those claiming to come from the program or the company.

Via Cybernews

Leave a Reply

Your email address will not be published. Required fields are marked *