blackbasta attacks Health Plan services inc.

Incident Date:

July 6, 2022

World map



blackbasta attacks Health Plan services inc.


Health Plan services inc.




Tampa, USA

Florida, USA

First Reported

July 6, 2022

Healthplan Services Inc. Ransomware Attack

Overview of the Incident

Healthplan Services Inc., a prominent provider of insurance services, recently fell victim to a ransomware attack orchestrated by the Blackbasta group. Operating within the insurance sector, Healthplan Services Inc. offers a diverse array of services, including reinsurance, marine, property, aviation, accident, health, life, and other insurance services, catering to a broad customer base in the United States.

Although the exact size of Healthplan Services Inc. is not detailed, comparisons with Group Health Cooperative of South Central Wisconsin (GHC-SCW)—which boasts 79,000 members—suggest Healthplan Services Inc. might serve a similarly extensive clientele. This wide-ranging service offering, while beneficial, potentially exposes the company to increased cyber threats due to a larger attack surface.

Vulnerabilities and Attack Details

The specific vulnerabilities exploited in the attack on Healthplan Services Inc. remain undisclosed. However, insights from a related incident involving GHC-SCW, which thwarted a ransomware attempt yet suffered a data breach affecting over 533,000 individuals, imply that similar weaknesses could have been leveraged. Attack vectors such as phishing, unpatched software, or inadequate password policies are common culprits in such breaches.

Blackbasta, the ransomware group claiming responsibility for this attack, is notorious for its ALPHV or BlackCat ransomware, which it rents to other cybercriminals. This incident underscores the ongoing trend of ransomware attacks targeting the healthcare sector, causing significant operational disruptions.

The attack on Healthplan Services Inc. underscores the critical need for robust cybersecurity measures within the insurance sector, particularly for entities offering a wide range of services. While the full extent of the breach and the specific data compromised have not been detailed, the incident serves as a stark reminder of the cybersecurity challenges facing the insurance industry.


Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.