Episource — a UnitedHealth subsidiary that helps health care providers bill plans and helps the plans analyze the claims — says attackers breached its computer systems.
Episource managers believe a cybercriminal was in its systems from Jan. 27 through Feb. 6 and "was able to see and take copies of some data," the company said in a breach announcement posted earlier this week. "To date, we are not aware of any misuse of the data."
The breach could have exposed the data of up to 5.4 million U.S. individuals.
Another benefits company, Aflac, said this week that it learned of a breach of its systems June 12. The company said it's still determining the scope of that attack.
Google, meanwhile, has warned that members of Scattered Spider, an international cybercrime community, are targeting attacks at insurers and business process outsourcing organizations in the United States.
Episource and Aflac have not talked about who attacked their systems, but CNN is reporting that "people familiar with" the Aflac investigation said the Aflac breach details are "consistent with the techniques" of Scattered Spider.
The backdrop: In 2024, attackers organized a ransomware attack on the systems of Change Healthcare, a UnitedHealth health data exchange subsidiary, that affected about 190 million people.
After that, reports of huge new benefits-related cyberattacks slowed, possibly because of the effects of cybersecurity investigators' efforts to crack down on the attackers behind the Change breach.
The Episource, Aflac and Scattered Spider announcements could be a sign that a new, possibly AI-boosted wave of health benefits cyberattacks is already in progress.
Scattered Spider appears to be made up mainly of individuals in English-speaking communities such as the United States and Canada, according to Google.
Group members have used "social engineering" to get personal information about targets, which they can then use to impersonate companies' employees and get around "multi-factor authentication" systems. Those systems, such as ones that send messages to employees' email addresses or cell phone numbers, are supposed to keep intruders out of companies' computers.
Scattered Spider members are ramping up their activity at the same time as state-backed attackers are trying to help Russia, Iran and other countries get information and cash they can use to address their needs. Current conditions mean that benefits companies' information security teams have to brace for more intense waves of geopolitically driven hacking in addition to breaches organized by attackers with no governmental support.
Episource breach details: Episource was acquired by UnitedHealth in 2023.
The company helps health care providers add diagnostic codes to claims, and it helps health plans improve the accuracy of the codes in the claims already submitted.
Plans can use the more accurate coding data to analyze and improve patients' health and to participate in programs that pay plans more for caring for sicker patients.
The company learned of the breach affecting its systems on Feb. 6, called law enforcement, hired a breach response team and turned off the affected computer systems, Episource said.
The information that the intruder could see may have included patient contact information, such as telephone numbers and email addresses; diagnoses; and health insurance data, such as member ID numbers, the company said.
In some cases, the company said, the intruder could have seen patients' dates of birth and Social Security numbers.
Episource is offering affected individuals two years of free credit monitoring services.
What to do: Google says one thing benefits companies and other companies can do to defend themselves against any new cyberattack wave is to train help desk people to positively identify employees before providing or changing any security information.
Help desk teams should consider requiring that they see employees in person, or at least on camera, before helping them, according to Google.
Help desk teams should also require calling users at a registered telephone number or getting a confirmation through a known corporate email address before handling sensitive requests, Google added.
"Avoid reliance on publicly available personal data for verification," Google said. "Use internal-only knowledge or real-time presence verification when possible."
© Touchpoint Markets, All Rights Reserved.