In May 2024, Texas-based third-party insurance administrator Landmark Admin experienced a ransomware attack that exposed and encrypted the sensitive information of over 806,000 individuals. The breach, which began when unusual activity was detected on Landmark’s systems on May 13, lasted until June 17 and led to the unauthorized access of various customer data, including Social Security Numbers, government-issued IDs, and medical and insurance information. This incident is the latest example of the escalating cybersecurity challenges facing industries handling sensitive data, including insurance and healthcare, and provides important lessons on the need for robust defenses against ransomware attacks.
Upon discovering the suspicious activity, Landmark Admin immediately took steps to contain the threat by disconnecting affected systems and enlisting cybersecurity experts to conduct a forensic investigation. Despite their rapid response, investigators found the attackers had exfiltrated and encrypted sensitive files. The investigation revealed that the cybercriminals had managed to access customer information such as names, addresses, tax identification numbers, and bank account details, as well as medical records and health insurance policy numbers.
In response, Landmark Admin initiated notifications to affected customers, offering 12 months of identity theft protection services through IDX, a ZeroFox company specializing in data breach recovery. The company advised individuals to closely monitor their financial accounts and credit reports for suspicious activity and assured customers that it had restored impacted systems, reported the incident to law enforcement, and implemented additional security measures to mitigate future risks.
This breach at Landmark Admin underscores the need for companies, particularly those handling large volumes of personal information, to prioritize cybersecurity. Here are several lessons learned from this incident:
Ransomware attacks are rising across sectors, with global incidents up by more than 50% in recent years. Within HIPAA-regulated entities alone, ransomware incidents increased by 102% from 2019 to 2023. Given these statistics, companies should not wait for an attack to review their defenses. Regularly updating cybersecurity protocols and software, investing in advanced threat detection, and scheduling frequent security audits can help identify and address vulnerabilities before attackers exploit them.
Landmark Admin’s quick response to disconnect systems and enlist cybersecurity experts limited the potential damage of the breach. However, even a swift response is not enough without a comprehensive incident response plan that includes specific steps for containment, communication, and restoration. A robust incident response plan, combined with employee training on best cybersecurity practices, can minimize the impact of a breach and speed up recovery times.
Landmark Admin responded responsibly by notifying affected individuals promptly and offering identity protection services. This action helps protect individuals and demonstrates the company's commitment to transparency and customer protection. Offering support such as credit monitoring or identity theft protection can help restore customer trust following a breach.
In the aftermath of the breach, Landmark Admin notified relevant authorities, including law enforcement. Ensuring compliance with all regulatory requirements helps a company maintain good standing and avoid additional penalties in the wake of a cyberattack.
Ransomware is a type of malicious software (malware) that encrypts a victim's files or locks them out of their system until a ransom is paid to the attacker. The ransom is usually demanded in cryptocurrency, and failure to pay can result in the permanent loss of the encrypted data or its public release.
If you are affected by ransomware:
Organizations should: