In late June 2023, BHI Energy, a subsidiary of Westinghouse, experienced a data breach caused by a ransomware attack. This led to unauthorized access to business records and personal information. The incident was quickly addressed, with authorities being notified and a cybersecurity firm brought in to investigate. Affected individuals were informed in October 2023 and offered complimentary credit and identity monitoring services.

How many accounts were compromised?

The breach impacted data related to approximately 896 individuals.

What data was leaked?

The data exposed in the breach included individuals' first, middle, and last names, addresses, dates of birth, Social Security numbers, and potential medical and claims information related to BHI's health plan.

How was BHI Energy hacked?

The threat actor behind the breach gained initial access to BHI's network through a compromised account of a third-party contractor and then accessed the internal network via a VPN connection. After performing reconnaissance, the attacker exfiltrated data over nine days and subsequently deployed the Akira ransomware. The breach was discovered when BHI's IT team noticed network data being encrypted, prompting an investigation with the help of a third-party cybersecurity firm. The exact method used to compromise the third-party contractor's account remains unclear.

BHI Energy's solution

In response to the hack, BHI Energy took several measures to secure its platform and prevent future incidents. They promptly removed the threat and contained the incident, notified law enforcement authorities, and hired a third-party cybersecurity firm to investigate. BHI also worked diligently with internal and external consultants to strengthen the security of their systems against outside threats. Additionally, they reviewed their privacy and security policies, procedures, and training. Affected individuals were notified and offered free credit and identity monitoring for two years. The specific nature of the data breached and the number of affected individuals remains unclear.

How do I know if I was affected?

BHI Energy has notified affected individuals by mail. If you believe you may have been affected by the BHI Energy breach and haven't received a notification, you can visit HaveIBeenPwned to check your credentials.

What should affected users do?

In general, affected users should:

• Change Your Passwords: Immediately update your passwords for any accounts that may have been affected. Make sure the new passwords are strong and unique, not previously used on any other platform.

• Reset Passwords for Other Accounts: If you've used the same or similar passwords for other online accounts, reset those as well. This is crucial as attackers often try using stolen passwords on multiple sites.

• Enable Two-Factor Authentication (2FA): Activate 2FA on any affected accounts. Consider enabling this additional security feature on all other important online accounts to significantly reduce the risk of unauthorized access.

• Monitor Your Accounts: Keep an eye on your accounts for any suspicious activity and report any unauthorized transactions or changes immediately.

For more specific help and instructions related to BHI Energy's data breach, please contact BHI Energy's support directly.

Where can I go to learn more?

If you want to find more information on the BHI Energy data breach, check out the following news articles:

• Notice of Data Security Incident - BHI Energy

• BHI Energy Releases Details of Akira Ransomware Attack

• Office of the Maine AG: Consumer Protection: Privacy, Identity Theft and Data Security Breaches