On June 21, 2023

16,000 Vermont health insurance customers affected by data theft

 

The cyberattack mostly impacted members of Vermont Blue Advantage

By Tiffany Tan/VTDigger

The personal information of at least 16,000 Vermont health insurance customers was stolen in a cyberattack in January — more than twice the number originally reported.

The affected people included over 14,000 Vermont residents, of whom 13,700 were members of Vermont Blue Advantage health insurance plans, the state Attorney General’s Office said this week.

It said the other residents were on different insurance plans: nearly 300 with Aetna ACE and about 50 with UAW Retiree Medical Benefits Trust.

Another roughly 2,250 individuals were members of Vermont Blue Advantage who lived out of state, according to Blue Cross Blue Shield of Vermont, an owner of the privately managed Medicare Part C plan. The company said that, nationwide, the cyberattack affected thousands of organizations and millions of people.

VTDigger reported earlier this month that the Jan. 30 data breach of an IT management software company, Fortra LLC, compromised the personal information of 7,000 retired Vermont teachers who were members of Vermont Blue Advantage, based on information from the state treasurer’s office. (Fortra provided software that Vermont Blue Advantage used to exchange files with its supplemental benefits administrator, NationsBenefits.)

After the story was published, VTDigger received multiple messages from Vermont retirees affected by the data breach — people who were not retired teachers and wondered about the extent of the breach within the state.

The state Attorney General’s Office didn’t learn until May 26 that over 14,000 Vermont residents were involved, said spokesperson Lauren Jandl. 

Blue Cross Vermont said the company didn’t inform the state Department of Financial Regulation of the data breach until late last Thursday, because of a miscommunication between it and NationsBenefits about who was going to contact the department. 

Blue Cross spokesperson Sara Teachout said NationsBenefits had sent a letter to each affected member, detailing what personal information was stolen in the data breach.

She said that information included names, dates of birth, addresses, medical and insurance details and, for 5% of the affected customers, their bank information. The company said no Social Security numbers or credit card numbers were taken.

When asked why NationsBenefits sent the notification letters — which some recipients initially thought was junk mail because they had never dealt with that entity — Teachout said that was NationsBenefits’ responsibility in the incident.

“As the company that experienced the cyberattack and resulting data breach, NationsBenefits is responsible for notifying impacted parties,” she said in an email.

Teachout said NationsBenefits, Blue Cross and Vermont Blue Advantage also reported the breach to the Office for

Do you want to submit feedback to the editor?

Send Us An Email!

Related Posts

Two members, including chair, resign from the Commission on the Future of Public Education in Vermont

June 25, 2025
By Corey McDonald/VTDigger Two members of the Commission on the Future of Public Education in Vermont, including the commission’s chair, announced last week they would be resigning, saying they no longer believed their efforts would make any impact. Meagan Roy, the chair of the commission, and Nicole Mace, the former representative of the Vermont School Boards…

Vt plastic bag use dropped 91% following ban, researchers find

June 25, 2025
In the midst of 2020 Covid measures, another change took place in Vermont: A law went into effect banning businesses from offering plastic bags to customers, with paper bags only available for a fee. A 2023 analysis of a survey of hundreds of Vermonters found the law appeared to have worked. Plastic bag use in…

A Roadmap

June 25, 2025
The Vermont Legislature adjourned Monday evening, June 16, following the passage of H.454, the education reform plan. I call it a roadmap as the legislation lays out a list of changes that will take place over the next few years. And as various studies and reports come back in, there will also likely be adjustments,…

Vermont to get over $21 million in nationwide settlement with Purdue Pharma and the Sacklers

June 25, 2025
Attorney General Charity Clark announced June 16 that all 55 attorneys general, representing all eligible states and U.S. territories, have agreed to sign on to a $7.4 billion settlement with Purdue Pharma and its owners, the Sackler family. This settlement was reached after the previous settlement was rejected by the U.S. Supreme Court. It resolves…