WebTPA Security Incident

On Dec. 28, 2023, WebTPA, the third-party administrator for the APA Voluntary Supplemental Medical Plan (SMP), detected evidence of suspicious activity on its network and immediately launched an investigation. While their investigation is not yet complete, WebTPA recently notified APA that it appears an unauthorized actor accessed information on WebTPA’s network. WebTPA is still uncertain as to the extent of the security incident and whether it affected any APA members. We will keep you apprised as we learn more from WebTPA.

What we have been told is that certain WebTPA files containing eligibility information such as name, contact information, date of birth, gender, Social Security number, member identification number, and subscriber identification number may have been accessed. While we do not know for certain whether information relating to any APA members has been impacted by this cybersecurity incident, given the nature of the information involved, we encourage all members who are or have been enrolled in the APA Voluntary Supplemental Medical Plan (SMP) to remain vigilant in checking their financial statements, credit reports, and any communications related to their health care for suspicious activity.

WebTPA has assured APA that it promptly initiated measures to mitigate the threat and further secure its network. The industry-leading cyber response team WebTPA retained has determined the incident is now contained and WebTPA’s information systems are secured.

APA has also secured a commitment from WebTPA that it will provide credit monitoring and identity theft protection services, at no cost, to any members who may be determined to have been impacted by this incident.

Once again, we will update you on this situation as we learn more from WebTPA. In the meantime, please direct any questions to WebTPA at webtpa.compliance@webtpa.com or 1-800-758-0989.