Wisconsin Physicians Service Insurance Corporation Data Breach Investigation
Strauss Borrelli PLLC, a leading data breach law firm, is investigating Wisconsin Physicians Service Insurance Corporation (“WPS”), regarding its recent data breach. The WPS data breach may have involved sensitive personal identifiable information and protected health information belonging to over 940,000 individuals.
ABOUT WISCONSIN PHYSICIANS SERVICE INSURANCE CORPORATION:
WPS is a health benefits provider based in Wisconsin. Founded in 1946, WPS offers a variety of plans through its WPS Health Insurance division. Specifically, WPS Health Insurance offers Preferred Provider Organization (PPO) health plans and Medicare supplement plans, WPS Health Plan in Green Bay offers HMO and point-of-service plans to eastern and north-central Wisconsin, and a WPS subsidiary EPIC Life Insurance Company offers Medicare supplement plans in select states.2 WPS is also a provider of administrative services for the U.S. government, contracting with the Centers for Medicare and Medicaid Services (CMS) to manage Medicare Part A and Part B benefits for millions of seniors in multiple states.2 Headquartered in Madison, WI, WPS employs over 1,000 individuals.
WHAT HAPPENED?
Recently, WPS announced that it had experienced a data breach in which the sensitive personal identifiable information and protected health information in its systems may have been accessed and acquired. According to the breach notice, WPS was notified by a third-party vendor used by WPS to transfer data, MOVEit, that it was compromised by a bad actor on or around May 31, 2023.1 As a result, WPS launched an investigation to determine the nature of the incident.
Through its investigation, WPS learned that sensitive personal information provided to WPS may have been viewed and taken by an unauthorized actor through a vulnerability in the MOVEit software between May 29 and May 31, 2023. As a result, WPS began a review of the data to determine what information had been impacted as well as identify the specific individuals affected. While the information impacted varies depending on the individual, the type of information potentially exposed includes:
- Name
- Social Security number or Individual Taxpayer Identification Number
- Date of birth
- Mailing address
- Medical information (such as gender, hospital account number, and dates of service)
- Health Insurance information (such as Medicare Beneficiary Identifier and/or Health Insurance Claim Number
As a result of the data breach, WPS and CMS are mailing written notifications to potentially impacted individuals. Additionally, CMS has posted a notice of the incident and sample letter on its website. Based on the breach notice on the CMS website, WPS will be providing affected individuals with a list of the specific type of sensitive information impacted and 12 months of complementary credit monitoring services. A link to the breach notification letter that CMS posted on its website below.
If you received a breach notification letter from Wisconsin Physicians Service Insurance Corporation:
We would like to speak with you about your rights and potential legal remedies in response to this data breach. Please fill out the form, below, or contact us at 872.263.1100 or sam@straussborrelli.com.
