The Vitality Group Files Notice of MOVEit Data Breach Affecting Employees of AltaMed Health Services Corp.

Richard Console, Jr.
Console and Associates, P.C.
Contact
LinkedIn
Facebook
X
Send
Embed

On June 30, 2023, the Vitality Group International, Inc. (“Vitality”) filed a notice of data breach with the Attorney General of California on behalf of AltaMed Health Services Corporation (“AltaMed”) after discovering that a file transfer software used by Vitality contained a critical vulnerability. As a result, Vitality determined that an unauthorized party was able to access certain confidential information belonging to AltaMed employees, which includes their names, mailing addresses, dates of birth, and email addresses, which may be linked to their Social Security numbers. Upon completing its investigation, Vitality began sending out data breach notification letters to all AltaMed employees who were affected by the MOVEit incident.

If you receive a data breach notification from the Vitality Group, it is essential you understand what is at risk and what you can do about it. Keep in mind that because AltaMed’s IT systems were not affected by this incident, you will not likely receive a letter from AltaMed. However, if you get a data breach letter from Vitality, read it closely because it probably means your personal information was compromised. A data breach lawyer can help you learn more about how to protect yourself from becoming a victim of fraud or identity theft as well as discuss your legal options following the Vitality data breach. For more information, please see our recent piece on the topic here.

What Caused the Vitality Group / AltaMed Breach?

The Vitality / AltaMed data breach was only recently announced, and more information is expected in the near future. However, Vitality’s filing with the Attorney General of California provides important details about the incident.

According to this source, AltaMed contracts with Vitality to provide certain services to AltaMed, requiring AltaMed to provide Vitality with information about its employees. Vitality uses the file-transfer software MOVEit, which is created by Progress Software, LLC. On May 30, 2023, Progress discovered a zero-day vulnerability that allowed hackers to access information that was transferred using MOVEit. A zero-day vulnerability is one that the creator of the software had no idea existed until it was exploited by hackers, giving them “zero days” to fix it.

Vitality identified the vulnerability on June 1, 2023, at which point, Vitality terminated all unauthorized access. Vitality then launched an investigation into the incident, determining that the MOVEit vulnerability allowed an unauthorized party to access confidential information belonging to AltaMed employees.

After learning that sensitive consumer data was accessible to an unauthorized party, Vitality reviewed the compromised files to determine what information was leaked and which consumers were impacted. While the breached information varies depending on the individual, it may include your name, mailing address, date of birth, and email address, which may be linked to your Social Security number.

On June 30, 2023, Vitality sent out data breach letters on behalf of AltaMed to anyone who was affected by the recent data security incident. So, while the Vitality / AltaMed data breach did not involve unauthorized access to any of AltaMed’s systems, it did result in confidential AltaMed employee information being leaked.

More Information About AltaMed Health Services Corporation and the Vitality Group

Founded in 1969, AltaMed Health Services Corporation is a health services organization based out of Los Angeles, California. AltaMed serves patients in Los Angeles and Orange County, California, providing them with primary care, dental care and senior care. AltaMed operates over 46 locations throughout Southern California. AltaMed employs more than 3,200 people and generates approximately $470 million in annual revenue.

Founded in 2005, Vitality Group International, Inc. is a healthcare software company based in Chicago, Illinois. The company provides a mobile platform that provides health and wellness updates in real-time, encouraging users to prioritize their health through incentives, data and behavioral science. Vitality’s software is used by more than 30 million people in 40 markets across the world. Vitality Group employs more than 359 people and generates approximately $99 million in annual revenue.

Send Print Report

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Console and Associates, P.C. | Attorney Advertising

Written by:

Console and Associates, P.C.
Console and Associates, P.C.
Contact
more
less

PUBLISH YOUR CONTENT ON JD SUPRA NOW

  • Increased visibility
  • Actionable analytics
  • Ongoing guidance

Console and Associates, P.C. on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign Up Log in
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide