Ascendo Insurance recently announced a breach impacting over 16,000.
What happened
Between May 13 and June 17, 2024, a ransomware group gained unauthorized access to Landmark Admin's computer network, a business associate of Accendo Insurance Company. The breach was discovered when suspicious activity was detected in the system.
What's new
Accendo Insurance Company disclosed to the South Carolina Attorney General on February 5, 2025, that 16,090 South Carolina residents were affected by the breach. Landmark Admin is currently issuing notifications to affected individuals on a rolling basis.
Why it matters
The exposed information includes highly sensitive data such as Social Security numbers, medical information, and health insurance details, putting affected individuals at risk of identity theft and medical fraud. According to IBM's 2024 Cost of a Data Breach Report, healthcare data breaches cost an average of $4.88 million.
The big picture
This incident shows the vulnerability of healthcare data through third-party vendors. As a CVS Health subsidiary and Aetna affiliate, Accendo's breach impacts a significant portion of the healthcare insurance ecosystem.
Looking ahead
The incident may lead to increased scrutiny of business associate relationships in healthcare. The Office for Civil Rights has signaled stricter enforcement of business associate compliance in 2025, with potential fines reaching up to $1.5 million per violation category.
Learn more: How to secure email communications with third-party vendors
FAQs
What immediate steps should be taken?
Review any data sharing processes with Accendo Insurance and their business associates. Implement additional verification procedures for insurance claims and monitor for any unusual claim patterns.
How can potential compromise be identified?
Watch for unusual insurance claim activities, unexpected claim rejections, or irregular payment patterns. Document and report any suspicious transactions to Accendo's security team.
What security measures should be implemented?
Review and strengthen business associate agreements, enhance access controls for insurance processing systems, and ensure staff is trained on identifying potential security threats.
