PHI of 87,400 Plan Members Exposed Due to Union Labor Life Insurance Phishing Attack


Union Labor Life Insurance (ULLI), a subsidiary of Ullico Inc., experienced a phishing attack that exposed the protected health information (PHI) of 87,000 plan members. A ULLI employee responded to a phishing email, believing it was a legitimate request from a business partner.

The email contained a hyperlink, which the employee clicked. A login page opened, where the employee entered the requested credentials. This allowed the attacker to collect the credentials and use them to remotely access the employee’s account.

The ULLI system has an alerting mechanism that notified the IT department of the unauthorized access. The IT department stopped the third party from accessing the account within 90 minutes of receiving the alert. The device was also disconnected from the network. These events occurred on April 1, 2019. Thanks to the immediate action of the ULLI IT team, the hacker was restricted from accessing or stealing the sensitive information contained in email messages and file attachments.

ULLI conducted a forensic investigation and confirmed that only one email account was compromised, using one device. The investigators did not find any evidence that data was accessed or stolen. But since the messages and attachments in the email account contained plan members’ PHI, data access or theft cannot be ruled out with 100% certainty.

The protected health information that was potentially exposed included the names of plan members, birth dates, addresses, Social Security numbers, and some private health information of plan members and their loved ones.

As a precaution, ULLI provided everyone impacted by the breach with two years of credit monitoring and identity theft protection services at no cost.

ULLI sent the breach report to the Department of Health and Human Services’ Office for Civil Rights. There were around 87,400 patients impacted by the data breach.