On May 26, 2023, Alvaria, Inc. filed a notice of data breach on behalf of Shasta Community Health Center (“Shasta”) after Alvaria determined that a recent ransomware attack targeting the company’s IT network compromised confidential information related to certain Shasta patients. Based on the company’s official filing, the incident resulted in an unauthorized party gaining access to consumers’ names and protected health information. After confirming that consumer data was leaked, Alvaria began sending out data breach notification letters to all Shasta patients who were impacted by the recent data security incident.
If you received a data breach notification from Alvaria, Inc. or Shasta Community Health Center, it is essential you understand what is at risk and what you can do about it. As a reminder, don’t be surprised to see the “Notice of Data Incident” is on Alvaria's letterhead because it was Alvaria’s systems that were breached. However, this doesn’t change the fact that, under U.S. data breach laws, either company may be financially liable for the breach. To learn more about how to protect yourself from becoming a victim of fraud or identity theft and what your legal options are in the wake of the Shasta Community Health Center data breach, please see our recent piece on the topic here.
News of the Shasta Community Health Center data breach is still fresh; however, what we know at this point comes from Alvaria’s filing with the California Attorney General. Shasta also posted a notice of the incident on its website. According to this source, on March 9, 2023, Alvaria learned that it was the victim of a ransomware attack. In response, Alvaria secured its network, backed up its systems and then initiated an investigation with the assistance of third-party data security specialists.
The Alvaria investigation confirmed that an unauthorized party was able to access certain files on the company’s network that contained confidential information belonging to Shasta patients.
Upon discovering that sensitive consumer data was made available to an unauthorized party, Shasta Community Health Center began to review the affected files to determine what information was compromised and which consumers were impacted. While the breached information varies depending on the individual, it may include your name and protected health information.
On May 26, 2023, Shasta Community Health Center sent out data breach letters to all individuals whose information was compromised as a result of the recent data security incident.
Founded in 1988, Shasta Community Health Center is a primary health care system based in Redding, California. Shasta operates eight locations in Redding, Anderson and Shasta Lake City. Shasta Community Health Center employs more than 424 people and generates approximately $40 million in annual revenue.
Alvaria, Inc. is a software company based in Westford, Massachusetts. The company was recently formed through the merger of Aspect Software and Noble Systems, two companies that offered a variety of Customer Experience (CX) and Workforce Engagement solutions. Alvaria employs more than 2,000 people and generates approximately $423 million in annual revenue.