Scattered Spider Breaches Major US Health Insurer — 8.2M Records Exposed

Friday, March 27, 2026 at 12:00 PM UTC·Source: HHS / FBI Joint Advisory

Updated: Saturday, March 28, 2026 at 04:00 PM UTC

Executive Summary

Scattered Spider breaches top-5 US health insurer via help desk social engineering. 8.2M member records including PHI exfiltrated.

Analysis

Scattered Spider social-engineered the IT help desk into resetting an exec MFA token. Deployed legitimate RMM tools, exfiltrated 8.2M records including SSNs, medical diagnoses, prescriptions. Posted sample on leak site with $15M ransom demand. HHS opened HIPAA investigation.

Timeline

Discovered

Mar 20, 2026

Exploitation Detected

Mar 15, 2026

Published

Mar 27, 2026

Source Attribution

Originally published by HHS / FBI Joint Advisory on Mar 27, 2026. Verified by: HHS, FBI, CISA.

Related Threats

HIGHData Breach

250,000 Affected by Data Breach at Nacogdoches Memorial Hospital

In January 2026, a threat actor hacked the hospital’s internal network and stole personal and health information. The post 250,000 Affected by Data Breach at Nacogdoches Memorial Hospital appeared first on SecurityWeek .

22h agoSecurityWeek

HIGHData Breach

Mercor Hit by LiteLLM Supply Chain Attack

The AI recruiting firm is investigating the incident as Lapsus$ claimed the theft of 4TB of Mercor data. The post Mercor Hit by LiteLLM Supply Chain Attack appeared first on SecurityWeek .

1d agoSecurityWeek

LOWData Breach

Attack Surface Management – ein Kaufratgeber

Mit diesen Attack Surface Management Tools sorgen Sie im Idealfall dafür, dass sich Angreifer gar nicht erst verbeißen. Sergey Zaykov | shutterstock.com Regelmäßige Netzwerk-Scans reichen für eine gehärtete Angriffsfläche nicht mehr aus. Um die Sicherheit von Unternehmensressourcen und Kundendaten zu gewährleisten, ist eine kontinuierliche Überwachung auf neue Ressourcen und Konfigurationsabweichu

2d agoCSO Online