Data Breach at Texas Benefits Recovery Firm

The personal data of over a quarter of a million people has been exposed following a malicious hack perpetrated against a Texas billing and collection company.

Houston-based company Benefit Recovery Specialists, Inc. (BRSI) discovered a data breach had occurred after detecting the installation of malware on its systems. 

The malware may have allowed unauthorized individuals to view and obtain the personal and protected health information (PHI) of 274,837 people. 

BRSI provides billing and collection services to certain healthcare providers and payers. The data exposed by the attack included the private and personal information of current or former members of these plans or healthcare providers.

In a data breach notice, BRSI said that the types of personal information impacted by the cybersecurity incident “may include name, date of birth, date of service, provider name, policy identification number, procedure code and/or diagnosis code.”

The company added that the Social Security numbers of “a small number of individuals” may also have been exposed.

An internal investigation was launched after the malware was discovered by BRSI on April 30 2020. Forensic specialists were hired to uncover how the attack was carried out and to determine how far the attackers managed to penetrate company systems.

Investigators found that an unauthorized individual had gained access to the company’s systems using stolen employee credentials. After entering the network, the attacker installed malware.

Exactly what malware was installed by the bad actor was not stated in the breach notice published by BRSI on its website. The company did share that the unknown attacker first gained access to BRSI systems on April 20 2020.

The investigation “further revealed that certain BRSI customer files containing personal information may have been accessed and/or acquired by the unknown actor between April 20 2020 and April 30 2020.”

BRSI began notifying customers of the cybersecurity incident around June 2.

The company stated: “While BRSI is unaware of any misuse of personal information impacted by this event, individuals are encouraged to remain vigilant against incidents of identity theft by reviewing account statements and explanations of benefits for unusual activity and report any suspicious activity immediately to their insurance company, health care provider, or financial institution.”

What’s Hot on Infosecurity Magazine?