Ascendo Insurance recently announced a breach impacting over 16,000.
Between May 13 and June 17, 2024, a ransomware group gained unauthorized access to Landmark Admin's computer network, a business associate of Accendo Insurance Company. The breach was discovered when suspicious activity was detected in the system.
Accendo Insurance Company disclosed to the South Carolina Attorney General on February 5, 2025, that 16,090 South Carolina residents were affected by the breach. Landmark Admin is currently issuing notifications to affected individuals on a rolling basis.
The exposed information includes highly sensitive data such as Social Security numbers, medical information, and health insurance details, putting affected individuals at risk of identity theft and medical fraud. According to IBM's 2024 Cost of a Data Breach Report, healthcare data breaches cost an average of $4.88 million.
This incident shows the vulnerability of healthcare data through third-party vendors. As a CVS Health subsidiary and Aetna affiliate, Accendo's breach impacts a significant portion of the healthcare insurance ecosystem.
The incident may lead to increased scrutiny of business associate relationships in healthcare. The Office for Civil Rights has signaled stricter enforcement of business associate compliance in 2025, with potential fines reaching up to $1.5 million per violation category.
Learn more: How to secure email communications with third-party vendors
Review any data sharing processes with Accendo Insurance and their business associates. Implement additional verification procedures for insurance claims and monitor for any unusual claim patterns.
Watch for unusual insurance claim activities, unexpected claim rejections, or irregular payment patterns. Document and report any suspicious transactions to Accendo's security team.
Review and strengthen business associate agreements, enhance access controls for insurance processing systems, and ensure staff is trained on identifying potential security threats.