Scam and credential theft activity spikes during open enrollment: What CISOs need to know

This report details the Cierant Corporation vendor breach in which an exploited vulnerability in the Cleo VLTrader file-transfer tool during the 2024 open enrollment period exposed names, addresses, dates of birth, medical and beneficiary identifiers for roughly 232,506 individuals; it connects that upstream supply-chain compromise to downstream personalized open-enrollment and Medicare scams, outlines legal consolidation of class actions, and offers hardening, vendor oversight, and detection controls for health plans and CISOs.