Health Management Systems of America (HMSA) announced on March 6, 2026, that it has encountered a security incident stemming from unauthorized access to an email account. The breach was traced back to a spear phishing incident detected on December 9, 2024. This notification aims to provide insight into HMSA's actions and the measures implemented to bolster its security.
"We experienced unauthorized activity concerning a single email account," said a spokesperson for HMSA. The organization swiftly acted to secure the compromised account and sought assistance from an IT security firm to probe the matter further. The investigation confirmed that an unauthorized individual had accessed the contents of the affected email account.
"We experienced unauthorized activity concerning a single email account,"
By the Numbers
HMSA took immediate steps to assess the extent of the data breach. Following the initial investigation, the organization commenced a thorough review of the email account to identify potentially involved data and its associated individuals. "We began notifying individuals whose data was involved," the spokesperson noted. For those whose Social Security numbers were compromised, HMSA has offered enrollment in credit monitoring services to mitigate potential identity theft risks.
"We began notifying individuals whose data was involved,"
By the Numbers
By the Numbers
By the Numbers
The types of information accessed in the breach were diverse, affecting each individual differently. Among the exposed data were insurance claims information, employee assistance program details, service authorizations, and various personal identifiers including driver's licenses and Social Security numbers. "Importantly, we have no indication that this information has been the subject of any fraudulent activity," the spokesperson clarified, attempting to reassure affected individuals.
"Importantly, we have no indication that this information has been the subject of any fraudulent activity,"
In the wake of this incident, HMSA encourages individuals to remain vigilant against identity theft and fraudulent activity. "It is always prudent for individuals to review your credit reports and account statements for suspicious activity and to detect errors," the spokesperson recommended. If users notice any unusual activity, they are advised to contact their financial institution or health insurance provider promptly.
"It is always prudent for individuals to review your credit reports and account statements for suspicious activity and to detect errors,"
For further inquiries regarding the security incident, HMSA has provided contact information for concerned individuals. They can be reached by mail at 601 Washington Boulevard, Detroit, Michigan 48226, or by phone at (866) 613-8940 from Monday to Friday, 8:00 AM to 5:30 PM Central Time, excluding major U.S. holidays.
This incident underscores the ongoing challenges organizations face regarding cybersecurity. HMSA is taking proactive steps to enhance its security measures, allowing them to address vulnerabilities and protect sensitive information as the digital landscape evolves. Moving forward, monitoring the effectiveness of these new security protocols will be crucial in restoring confidence among their clients and stakeholders.
