TexanPlus, a Houston-based Medicare Advantage plan, disclosed a business email compromise (BEC) attack in April 2024. An attacker gained access to employee email accounts and accessed PHI for 210,000 plan members.
Phishing campaign targeting billing and enrollment staff. Credential harvest via fake O365 login page. Threat actor used compromised accounts to access member PHI and redirect wire payments — combined PHI breach and financial fraud attempt.
Sentinel ($89/ep/mo) — 24/7 SOC + SIEM. Fortress ($109/ep/mo) — Sentinel + EDR management + vulnerability management. Command ($129/ep/mo) — Fortress + vCISO + compliance mapping + IR plan. See full tier comparison →
| Regime | Standard / Citation | Gap Identified |
|---|---|---|
| HIPAA | 45 CFR §164.308(a)(5) | Security awareness — no documented phishing simulation program for billing staff; highest BEC risk group |
| HIPAA | 45 CFR §164.312(d) | Person authentication — MFA not enforced on email access; allowed credential-based takeover |
| TDPA | Tex. B&C Code §521.053 | TX Medicare member notification required for 210,000 individuals |
CoreRecon cites verifiable public sources only. No speculation on unverified attribution is published. Threat actor attribution appears only where publicly confirmed by law enforcement or the organization.
Free $2,500 security posture assessment for Texas organizations. We map your gaps against the same attack vectors used in this incident. No contract, no commitment.