Humana, Inc.

On May 30, 2023, Humana, Inc. (via its subsidiary Welltok, Inc.) fell victim to a **malware-based cyberattack**, exposing sensitive data of **33,193 Washington State residents**. The breach compromised **personal identifiers**—including **full names, dates of birth, health insurance policy/ID numbers**, and **medical information**. The incident highlights a severe **data security failure**, where attackers exploited vulnerabilities to access protected health information (PHI). Such exposure poses risks of **identity theft, medical fraud, and targeted phishing**, as the leaked data could enable malicious actors to impersonate victims for financial or healthcare-related scams. The breach also undermines trust in Humana’s ability to safeguard patient confidentiality, potentially leading to **regulatory penalties** under laws like HIPAA (Health Insurance Portability and Accountability Act). While the attack did not involve ransomware, the **scale and sensitivity of the leaked data**—particularly medical records—elevate its severity. The compromised information could have long-term repercussions for affected individuals, including **discrimination risks** (e.g., based on pre-existing conditions) or **unauthorized access to healthcare services**. Humana’s response, including notification and mitigation measures, remains critical to limiting further harm.

Source: https://www.atg.wa.gov/data-breach-notifications | https://data.wa.gov/resource/sb4j-ca4h.json?id=16506

TPRM report: https://www.rankiteo.com/company/humana

"id": "hum030090625",
"linkid": "humana",
"type": "Cyber Attack",
"date": "5/2023",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"

{'affected_entities': [{'customers_affected': '33,193',
                        'industry': 'Health Insurance',
                        'location': 'Washington State (affecting 33,193 '
                                    'residents)',
                        'name': 'Humana, Inc. (Welltok, Inc.)',
                        'type': 'Healthcare'}],
 'data_breach': {'number_of_records_exposed': '33,193',
                 'personally_identifiable_information': ['Names',
                                                         'Full dates of birth',
                                                         'Health insurance '
                                                         'policy or ID '
                                                         'numbers'],
                 'sensitivity_of_data': 'High',
                 'type_of_data_compromised': ['Personally Identifiable '
                                              'Information (PII)',
                                              'Protected Health Information '
                                              '(PHI)']},
 'date_detected': '2023-05-30',
 'description': 'The Washington State Office of the Attorney General reported '
                'that Humana, Inc. (Welltok, Inc.) experienced a cyberattack '
                'involving malware on May 30, 2023, affecting 33,193 '
                'residents. The breach potentially compromised names, full '
                'dates of birth, health insurance policy or ID numbers, and '
                'medical information.',
 'impact': {'data_compromised': ['Names',
                                 'Full dates of birth',
                                 'Health insurance policy or ID numbers',
                                 'Medical information'],
            'identity_theft_risk': 'High (PII and medical data exposed)'},
 'references': [{'source': 'Washington State Office of the Attorney General'}],
 'regulatory_compliance': {'regulatory_notifications': 'Washington State '
                                                       'Office of the Attorney '
                                                       'General'},
 'title': 'Humana (Welltok, Inc.) Cyberattack Involving Malware',
 'type': 'Cyberattack (Malware)'}