Virta Medical PC Data Breach Exposes Sensitive Patient Information
On March 24, 2026, Virta Health a digital health company specializing in virtual care for type 2 diabetes and metabolic conditions detected unauthorized access to a data repository separate from its primary production platform. The breach occurred between March 19 and March 22, 2026, when an unauthorized third party potentially accessed sensitive files.
Virta Medical PC, a Georgia-registered clinic affiliated with Virta Health, operates as a Medicare-enrolled telehealth provider serving patients across multiple states. Following the incident, the company secured its systems, engaged cybersecurity experts, and notified law enforcement.
The exposed data includes a wide range of personally identifiable and health-related information, such as:
- Social Security numbers and Individual Tax Identification numbers
- Medical diagnoses, treatment details, and clinical records
- Health insurance information and medical record numbers
- Dates of birth, contact details, and physician/facility information
Shamis & Gentile P.A., a law firm specializing in data breach class actions, is investigating potential legal claims for affected individuals. Those impacted may be eligible for compensation due to the exposure of their sensitive information.
Source: https://www.claimdepot.com/investigations/virta-health-data-breach-2026-23d7d
Virta Health cybersecurity rating report: https://www.rankiteo.com/company/virta-health
"id": "VIR1781548188",
"linkid": "virta-health",
"type": "Breach",
"date": "3/2026",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'industry': 'Healthcare',
'location': 'Georgia, USA',
'name': 'Virta Medical PC',
'type': 'Healthcare Clinic'}],
'attack_vector': 'Unauthorized Access',
'data_breach': {'personally_identifiable_information': ['Social Security '
'numbers',
'Individual Tax '
'Identification '
'numbers',
'Dates of birth',
'Contact details',
'Physician/facility '
'information'],
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Personally Identifiable '
'Information',
'Health-related Information']},
'date_detected': '2026-03-24',
'description': 'On March 24, 2026, Virta Health detected unauthorized access '
'to a data repository separate from its primary production '
'platform. The breach occurred between March 19 and March 22, '
'2026, when an unauthorized third party potentially accessed '
'sensitive files. Virta Medical PC, a Georgia-registered '
'clinic affiliated with Virta Health, operates as a '
'Medicare-enrolled telehealth provider serving patients across '
'multiple states. The exposed data includes personally '
'identifiable and health-related information such as Social '
'Security numbers, medical diagnoses, treatment details, '
'health insurance information, and more.',
'impact': {'data_compromised': 'Sensitive patient information',
'identity_theft_risk': 'High',
'legal_liabilities': 'Potential legal claims',
'systems_affected': 'Data repository separate from primary '
'production platform'},
'investigation_status': 'Ongoing',
'references': [{'source': 'Shamis & Gentile P.A.'}],
'regulatory_compliance': {'legal_actions': 'Potential class action '
'investigation'},
'response': {'containment_measures': 'Secured systems',
'incident_response_plan_activated': 'Yes',
'law_enforcement_notified': 'Yes',
'third_party_assistance': 'Cybersecurity experts'},
'threat_actor': 'Unauthorized Third Party',
'title': 'Virta Medical PC Data Breach Exposes Sensitive Patient Information',
'type': 'Data Breach'}