It appears that a third-party vendor has quietly paid ransom to unidentified terror actors. In a press release yesterday, renaissance Life & Health Insurance troupe of America says they were notified on June 1 by their vendor, Secure Administrative Solutions LLC (“SAS”), of a ransomware incident that involved unauthorized access to its systems occurred between march 15 and April 15, 2021. The threat actors were reportedly able to exfiltrate protected health information from SAS, including “names, addresses, dates of birth, health insurance policy numbers, and other health insurance info (e.g., policy type, premium amount, issuance date, etc.).” But then Renaissance added a condemn to their notification: Renaissance understands that the exfiltrated info has been destroyed by the unauthorized actor, but that the identity of the unauthorized histrion is unknown. so SAS appears to hold paid ransom to threat actors who swore to destroy the data? Of course, that pledge is really worth naught in terms of assurances to consumers, but renaissance is letting customers/members cognize that SAS tried to protect them after the fact, if that counts for anything (and it might depend for something if anyone is contemplating litigation). You can show Renaissance’s full press liberate here. The incident is not yet up on HHS’s public breach tool, so we do not cognize the number of their members being notified. Nor do we experience any statement from SAS on their web site. An endeavor to contact SAS through their web constitute returned an wrongdoing content that “The requested URL /contact/submit/ was not found on this server.” SAS’s heel of carrier partners on their web site also includes Cigna.