Renaissance Life & Health Insurance Company of America has announced that one of its third-party vendors, Secure Administrative Solutions (SAS), has experienced a data breach that may impact the privacy of some Renaissance customers’ health information.
“We take this incident very seriously and are committed to protecting the privacy and security of information shared with third parties who provide services to our policyholders,” said Robert Mulligan, president and CEO of Renaissance.
Renaissance said that it recently received notice of the breach from SAS. On June 1, SAS reported that the data breach resulted in the exfiltration of some protected health information related to its clients. Upon learning of the breach, Renaissance worked with SAS to determine the scope of the data at issue and whether it was related to Renaissance policyholders. The details Renaissance received from SAS indicated that information related to some Renaissance policyholders was present on impacted SAS systems.
SAS said the period of unauthorized access occurred between March 15 and April 15, and that it had notified the FBI of the breach.
“Renaissance understands that the exfiltrated information has been destroyed by the unauthorized actor, by that the identity of the unauthorized actor is unknown,” Renaissance said.
SAS said that the impacted data may have included names, addresses, dates of birth, health insurance policy numbers, and other health insurance information. However, the incident did not impact any Renaissance policyholders’ Social Security numbers or financial information.
Read next: Calls for ‘Cyber Hippocratic Oath’
Renaissance said that SAS has acquired the services of cybersecurity specialists to investigate the incident and mitigate any potential harm. The vendor is also implementing additional cybersecurity measures.
Renaissance is offering affected policyholders access to 12 months of complementary credit monitoring and identity restoration services through TransUnion.