Young Consulting, a medical SaaS company that recently rebranded to Connexure, yesterday confirmed it notified 954,177 people of an April 2024 data breach that compromised names, Social Security numbers, dates of birth, insurance policy and claim info, and prescriptions.
Ransomware gang BlackSuit claimed responsibility for the attack shortly after it occurred. BlackSuit gave Young 72 hours to make contact and negotiate a ransom at the time.
Connexure has not verified BlackSuit’s claim. We do not yet know if Young Consulting paid a ransom, how much ransom BlackSuit demanded, or how attackers breached Young’s network. Comparitech contacted Connexure for comment and will update this article if it responds.
“The investigation determined that an unauthorized actor gained access to Young Consulting’s network between April 10, 2024, and April 13, 2024, and downloaded copies of certain files,” the notice states.
Young Consulting a.k.a. Connexure is offering eligible victims 12 months of free credit monitoring via TransUnion. The enrollment deadline is 90 days from receipt of the notice letter.
Who is BlackSuit?
BlackSuit first emerged in April 2023, and has a history of attacking critical industries like healthcare, government, and education. It’s a private operation and doesn’t employ a ransomware-as-a-service business model. BlackSuit often extorts victims twice: once for the decryption key to restore attacked systems, and again in exchange for not selling or publishing stolen data.
Comparitech researchers have logged 40 confirmed attacks and 70 unconfirmed attacks claimed by BlackSuit since it began operations. This latest attack on Young Consulting brings BlackSuit’s total number of compromised records to more than 2 million.
BlackSuit is rumored to have received $25 million in ransom from software developer CDK Global, following an attack that reportedly cost one of its customers, Sonic Automotive, $30 million in lost income.
Ransomware attacks on US tech
Ransomware attacks on tech companies put user data at risk and can disrupt day-to-day operations, leading to downtime and data loss. The effects of these attacks cascade down to companies and individuals who use the software made by tech companies.
We’ve only recorded four confirmed ransomware attacks on US tech companies so far in 2024, which is a significant decrease from 2023’s total of 42. However, these attacks had widespread effects. In particular, an attack on Tyler Technologies led to data being stolen from the Washington, D.C. Department of Insurance, Securities, and Banking (DISB).
Another 140 attacks have been claimed but not confirmed, according to our data.
About Young Consulting a.k.a. Connexure
Based in Atlanta, Georgia, Young Consulting is a software-as-a-service company serving medical employers in the stop loss insurance market. Young Consulting officially rebranded as Connexure in April 2024, just days after the breach occurred.