News Room

Home / News Room / Notice of Data Breach

Notice of Data Breach

WebTPA Employer Services, LLC (“WebTPA”) recently detected a data security incident impacting certain systems on their network. WebTPA acts as an administrative services provider to certain benefit plans whose information was impacted in this incident, including San Juan Regional Medical Center.

On December 28, 2023, WebTPA detected evidence of suspicious activity on their network that prompted them to launch an investigation. Upon detecting the incident, WebTPA promptly initiated measures to mitigate the threat and further secure their network. WebTPA also launched an investigation with the support of industry leading third-party cybersecurity experts and notified federal law enforcement. The investigation concluded that the unauthorized actor may have obtained personal information between April 18, 2023 and April 23, 2023. WebTPA promptly informed benefit plans about the incident and the potential exposure of personal information. WebTPA then diligently worked to confirm the extent of impacted data, which they provided to benefit plans on March 25, 2024.

The information that was impacted may have included: member(s) name, contact information, date of birth, Social Security number. Not every data element was present for every individual. Financial information, such as financial account information or credit card numbers, was not impacted in this incident.

WebTPA is offering individuals two years of complimentary identity monitoring services through Kroll. WebTPA also deployed additional security measures and tools with the guidance of third-party cybersecurity experts to further strengthen the security of our network.

WebTPA is not aware of any misuse of benefit plan member information as a result of this incident. Nonetheless, it is always advisable to remain vigilant against attempts at identity theft or fraud, which includes carefully reviewing credit reports and Explanations of Benefits (“EOBs”) from your benefit plans for suspicious activity. If you identify suspicious activity, you should contact the entity that maintains the information on your behalf.

WebTPA has established a dedicated call center to answer questions. If you have any questions regarding this incident, please call 866-495-9179 Monday through Friday from 9:00 a.m. to 6:30 p.m. Eastern Time, excluding major U.S. holidays.

Back to Top