VIVA Health experienced a cybersecurity incident where a file containing protected health information (PHI) was left publicly accessible on its website from June 14 to August 27, 2025. The exposed data affected 4,945 individuals and included Medicare Beneficiary Identifiers, member IDs, group numbers, county of residence, authorization numbers (August–September 2024), and prior authorization request details. While no Social Security numbers, financial data, names, birth dates, or addresses were compromised, unauthorized parties *may* have accessed or copied the file. Investigators found no evidence of misuse, but the company is offering one year of free credit monitoring as a precaution. Notifications were mailed to affected members, who are advised to monitor their Explanation of Benefits (EOB) and credit reports for fraud. The incident was reported to state and federal regulators, and the exposed file was immediately removed upon discovery.
Source: https://www.wbrc.com/2025/09/27/viva-health-data-breach-impacts-5000-members/
TPRM report: https://www.rankiteo.com/company/viva-health
{
  "id": "viv0962109092725",
  "linkid": "viva-health",
  "type": "Breach",
  "date": "9/2024",
  "severity": "50",
  "impact": "2",
  "explanation": "Attack limited on finance or reputation"
}
{'affected_entities': [{'customers_affected': '4,945',
                        'industry': 'Healthcare',
                        'location': 'Birmingham, Alabama, USA',
                        'name': 'VIVA Health',
                        'type': 'Health Insurer'}],
 'customer_advisories': {'contact_phone': '1-800-633-1542 (VIVA Health Member Services)',
                         'support_offered': ['Free credit monitoring (1 year)',
                                             'Guidance on fraud prevention']},
 'data_breach': {'data_exfiltration': 'Possible (unauthorized access/copying suspected but no evidence of misuse)',
                 'file_types_exposed': ['Text/CSV or similar (file format unspecified)'],
                 'number_of_records_exposed': '4,945',
                 'personally_identifiable_information': ['Partial (Member IDs, group numbers, county of residence)'],
                 'sensitivity_of_data': 'Moderate (no SSNs, financial data, or full PII)',
                 'type_of_data_compromised': ['Protected Health Information (PHI)',
                                              'Medicare Beneficiary Identifiers',
                                              'Authorization Details']},
 'date_detected': '2025-08-27',
 'date_publicly_disclosed': '2025-09-00',
 'date_resolved': '2025-08-27',
 'description': 'VIVA Health identified a publicly accessible file on its website containing limited protected health information of nearly 5,000 members. The file was exposed from June 14, 2025, until its removal on August 27, 2025. No sensitive data such as Social Security numbers, financial details, or full personal identifiers were compromised. The exposed data included Medicare Beneficiary Identifiers, member IDs, and prior authorization details. Affected members are being offered free credit monitoring.',
 'impact': {'brand_reputation_impact': 'Moderate (apology issued; trust reassurance emphasized)',
            'data_compromised': ['Medicare Beneficiary Identifiers',
                                 'Member IDs',
                                 'Group Numbers',
                                 'County of Residence',
                                 'Authorization Numbers (August–September 2024)',
                                 'Prior Authorization Request Details'],
            'identity_theft_risk': 'Low (no SSNs or financial data exposed)',
            'operational_impact': 'Minimal (file removed; notifications and credit monitoring deployed)',
            'systems_affected': ['Website file storage system']},
 'investigation_status': 'Ongoing (no evidence of data misuse found as of disclosure)',
 'post_incident_analysis': {'root_causes': ['Publicly accessible file due to improper access controls']},
 'recommendations': ['Review and audit public-facing file storage for sensitive data',
                     'Implement stricter access controls for PHI',
                     'Enhance monitoring for unauthorized access to web-hosted files'],
 'references': [{'date_accessed': '2025-09-00',
                 'source': 'WBRC (Gray Television)',
                 'url': 'https://www.wbrc.com'}],
 'regulatory_compliance': {'regulatory_notifications': ['State and federal regulators notified']},
 'response': {'communication_strategy': ['Public disclosure via media (WBRC)',
                                         'Direct member notifications (mail)',
                                         'Apology letter with guidance on fraud alerts and monitoring'],
              'containment_measures': ['Immediate removal of the exposed file'],
              'incident_response_plan_activated': True,
              'recovery_measures': ['Notifications mailed to affected members',
                                    'Free credit monitoring offered (1 year)']},
 'stakeholder_advisories': ['Members advised to review Explanation of Benefits (EOBs)',
                            'Encouraged to place fraud alerts on credit reports',
                            'Deadline for credit monitoring enrollment: 2026-09-30'],
 'title': 'VIVA Health Data Exposure Incident',
 'type': 'Data Exposure / Unauthorized Access',
 'vulnerability_exploited': 'Improper Access Control (Publicly Accessible File)'}