A major data breach has been announced by New Era Life Insurance Companies, affecting more than 335,000 individuals. The breach exposed protected health information (PHI) from policyholders, agents, and insurance carrier partners.
What happened
On December 18, 2024, New Era Life Insurance detected suspicious activity within its computer network. Immediate action was taken to isolate affected systems, and third-party cybersecurity experts were engaged to investigate. The investigation determined that an unauthorized party had accessed New Era’s network between December 9 and December 18, 2024, during which sensitive files were copied.
On January 31, 2025, New Era completed its review of the compromised files, confirming that data belonging to policyholders, beneficiaries, agents, and employees had been exposed. The compromised information includes names, addresses, birth dates, Social Security numbers, financial account details, health insurance data, and medical information.
On February 11, 2025, New Era Enterprises, Inc. filed a notice of the breach with the Maine Attorney General. New Era also began sending notification letters to affected individuals, listing the compromised data and providing information on protective measures, including complimentary credit monitoring and identity theft protection services.
What was said
The New Era Life Insurance breach notification letter states, “We’d like to remind individuals that it is always a good idea to be vigilant [for] fraud or identity theft by reviewing your account statements and free credit reports for any unauthorized activity.”
“We apologize for any concern or inconvenience this incident may cause. To help prevent something like this from happening again, New Era has implemented and will continue to adopt, additional safeguards and technical security measures to further protect and monitor its systems.”
“Upon detecting suspicious activity, we acted immediately to isolate affected systems and engaged third-party cybersecurity experts to investigate. We regret any inconvenience this may cause and are committed to protecting our policyholders.”
Why it matters
Affected individuals are now at risk of identity theft, fraudulent financial transactions, and potential misuse of their medical information. To mitigate these risks, these individuals must monitor their credit reports, set up fraud alerts, and enroll in the free credit monitoring service offered.
Covered entities, like New Era Life Insurance, must improve their cybersecurity to protect their customers and avoid costly fines associated with HIPAA violations.
Read also: Higher HIPAA penalties announced
FAQs
What does HIPAA protect?
It protects personally identifiable health information, including names, Social Security numbers, medical records, and insurance details.
Are insurance companies covered under HIPAA?
Yes, insurance companies that handle protected health information (PHI) must comply with HIPAA regulations.
What is a HIPAA data breach?
A HIPAA data breach occurs when unauthorized individuals access, use, or disclose PHI without permission.
