On October 13, 2023, Cognisight, LLC filed a notice of data breach with the Attorney General of California on behalf of San Diego PACE after discovering that a vulnerability within MOVEit resulted in the exposure of consumers’ personal information. In this notice, Cognisight explains that the incident resulted in an unauthorized party being able to access consumers’ sensitive information, which includes their protected health information. Upon completing its investigation, Cognisight began sending out data breach notification letters to all individuals whose information was affected by the recent data security incident.
If you received a data breach notification from Cognisight, LLC, it is essential you understand what is at risk and what you can do about it. A data breach lawyer can help you learn more about how to protect yourself from becoming a victim of fraud or identity theft, as well as discuss your legal options following the Cognisight MOVEit data breach. For more information, please see our recent piece on the topic here.
What Caused the Data Breach Affecting Cognisight?
The Cognisight MOVEit data breach was only recently announced, and more information is expected in the near future. However, Cognisight’s filing with the Attorney General of California provides some important information on what led up to the breach. According to this source, Cognisight provides healthcare management services to various health plans and other entities, including San Diego PACE. As a result, San Diego PACE and other organizations provided Cognisight with member information.
On May 31, 2023, Cognisight learned that MOVEit, a file-transfer application used by the company, contained a vulnerability. In response, Cognisight stopped using MOVEit and launched an investigation to understand what, if any, data was leaked.
On June 5, 2023, the Cognisight investigation confirmed that an unauthorized party accessed and removed certain files from Cognisight’s MOVEit server.
After learning that sensitive consumer data was accessible to an unauthorized party, Cognisight hired another company to review the compromised files to determine what information was leaked and which consumers were impacted. This process was completed on August 2, 2023. While the breached information varies depending on the individual, it may include your name and protected health information.
On October 13, 2023, Cognisight sent out data breach letters to anyone who was affected by the recent data security incident. These letters should provide victims with a list of what information belonging to them was compromised.
In a notice on Cognisight’s website, the company indicates that the MOVEit incident also affected the following entities:
- AltaMed
- ArchCare
- Blue Cross and Blue Shield of Louisiana
- Mercy LIFE West Philadelphia
- Pacific PACE
- Saint Francis LIFE
- Saint Joseph PACE
- Sequoia PACE
- Stockton PACE
- Trinity Health LIFE New Jersey
- Vantage
More Information About Cognisight, LLC
Cognisight, LLC is a business services company that provides various support services to healthcare providers. Based in Rochester, New York, Cognisight focuses on the provision of risk adjustment services such as analytics, chart reviews, health assessments, RADV support and initial validation audits. Cognisight employs more than 53 people and generates approximately $11 million in annual revenue.
