On April 13, 2025, NAHGA Claims Services, a third-party administrator for accident and health insurance claims, detected a targeted cyber intrusion into its network. Between April 8–10, 2025, unauthorized actors accessed and exfiltrated files containing highly sensitive personal data, including names, Social Security numbers, medical records, insurance policy details, and other PII/PHI tied to claims. The breach impacted a broad national client base—schools, colleges, youth camps, daycare centers, volunteer groups, and sports organizations—though the exact number of victims remains undisclosed. The attack was neither due to a known vulnerability nor employee negligence but a deliberate infiltration. NAHGA responded with enhanced security protocols and offered affected individuals 24 months of credit/CyberScan monitoring, $1M identity theft insurance, and managed recovery services, including provisions for minors. The incident poses severe risks of identity theft, financial fraud, and long-term reputational harm to both the company and its clients.
Source: https://www.claimdepot.com/data-breach/nahga-2025
TPRM report: https://www.rankiteo.com/company/nahga-claim-services
"id": "nah0402704110625",
"linkid": "nahga-claim-services",
"type": "Breach",
"date": "4/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': 'Significant (exact number '
'undisclosed)',
'industry': 'Healthcare/Insurance',
'location': 'National (U.S.)',
'name': 'NAHGA Claims Services',
'type': 'Third-Party Administrator (Insurance Claims)'},
{'industry': ['Education', 'Non-Profit', 'Recreation'],
'location': 'National (U.S.)',
'name': 'Client Organizations of NAHGA',
'type': ['Schools',
'Colleges',
'Youth Camps',
'Daycare Centers',
'Volunteer Groups',
'Sports Organizations']}],
'attack_vector': 'Targeted Intrusion',
'customer_advisories': ['Enrollment instructions for identity protection '
'services provided to affected individuals; minors '
'eligible for monitoring and recovery support'],
'data_breach': {'data_exfiltration': 'Likely (files accessed and potentially '
'acquired)',
'personally_identifiable_information': ['Names',
'Social Security '
'Numbers',
'Medical Information',
'Insurance Policy '
'Numbers'],
'sensitivity_of_data': 'High (includes SSNs, medical, and '
'insurance data)',
'type_of_data_compromised': ['PII',
'PHI',
'Names',
'Social Security Numbers',
'Medical Information',
'Insurance Policy Numbers']},
'date_detected': '2025-04-13',
'description': 'On April 13, 2025, NAHGA Claims Services, a national '
'third-party administrator specializing in accident and health '
'insurance claims, discovered unusual activity on its network '
'systems. An investigation with independent cybersecurity '
'experts revealed that between April 8 and April 10, 2025, '
'files containing personal information—including names, Social '
'Security numbers, medical information, insurance policy '
'numbers, and other PII/PHI—were accessed and potentially '
'acquired by an unauthorized party. The breach affected '
'individuals associated with NAHGA’s clients, including '
'schools, colleges, youth camps, daycare centers, volunteer '
'groups, and sports organizations. The exact number of '
'affected individuals remains undisclosed, but the scope is '
'significant given NAHGA’s national client base. The intrusion '
'was targeted and not attributed to a known vulnerability or '
'employee error.',
'impact': {'brand_reputation_impact': 'Potential reputational damage due to '
'exposure of sensitive PII/PHI',
'data_compromised': ['Names',
'Social Security Numbers',
'Medical Information',
'Insurance Policy Numbers',
'Personally Identifiable Information (PII)',
'Protected Health Information (PHI)'],
'identity_theft_risk': 'High (due to exposure of SSNs, medical, '
'and insurance data)'},
'initial_access_broker': {'high_value_targets': ['PII/PHI databases']},
'investigation_status': 'Ongoing (as of disclosure)',
'post_incident_analysis': {'corrective_actions': ['Enhanced security measures '
'implemented'],
'root_causes': 'Targeted intrusion (not attributed '
'to known vulnerability or employee '
'error)'},
'references': [{'source': 'South Carolina Attorney General’s Security Breach '
'Disclosure Page'}],
'regulatory_compliance': {'regulatory_notifications': ['South Carolina '
'Attorney General’s '
'office (security '
'breach disclosure)']},
'response': {'communication_strategy': ['Official notice sent to affected '
'individuals',
'Disclosure on South Carolina '
'Attorney General’s security breach '
'page'],
'enhanced_monitoring': True,
'incident_response_plan_activated': True,
'remediation_measures': ['Enhanced security measures '
'implemented'],
'third_party_assistance': ['Independent Cybersecurity Experts']},
'stakeholder_advisories': ['Complimentary identity theft protection services '
'offered via IDX, including 24 months of '
'credit/CyberScan monitoring, $1M insurance '
'reimbursement, and identity recovery support'],
'title': 'NAHGA Claims Services Data Breach (April 2025)',
'type': ['Data Breach', 'Unauthorized Access']}