Viva Health, an Alabama-based health insurance provider serving UAB and Alabama Power employees, experienced a data breach where a file containing limited protected health information (PHI) was exposed on its website from June 14, 2025, to August 27, 2025. The breach affected 4,945 individuals, with leaked data including Medicare Beneficiary Identifiers (MBI), county of residence, Viva Health Member IDs, group numbers, and prior authorization details (e.g., request dates, approval status, and service categories like skilled nursing or diagnostic labs). While unauthorized access was possible, there is no evidence of misuse of the exposed data. Sensitive information such as Social Security numbers, names, dates of birth, addresses, or financial details were not compromised. Viva Health removed the file, reported the incident to regulators, and offered free credit monitoring to affected individuals. The company is enhancing security measures and advising impacted members to monitor their credit and health statements for fraudulent activity.
TPRM report: https://www.rankiteo.com/company/viva-health
"id": "viv4102441092725",
"linkid": "viva-health",
"type": "Breach",
"date": "6/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': '4,945',
'industry': 'Healthcare',
'location': 'Alabama, USA',
'name': 'Viva Health',
'size': 'Covers 100,000 individuals',
'type': 'Health Insurance Provider'}],
'customer_advisories': ['Review health plan statements and Explanation of '
'Benefits (EOBs)',
'Place fraud alerts on credit reports',
'Monitor credit reports for unusual activity',
'Utilize free credit monitoring offered by Equifax'],
'data_breach': {'data_exfiltration': 'Possible (file was accessible for '
'download/copying, but no evidence of '
'misuse)',
'file_types_exposed': ['Unspecified file format (likely '
'document or spreadsheet)'],
'number_of_records_exposed': '4,945',
'personally_identifiable_information': 'Partial (MBI and '
'member IDs, but no '
'names, SSNs, or '
'direct identifiers)',
'sensitivity_of_data': 'Moderate (limited PHI; no SSNs, '
'financial data, or personally '
'identifiable details like '
'names/addresses)',
'type_of_data_compromised': ['Protected Health Information '
'(PHI)',
'Medicare Beneficiary Identifier '
'(MBI)',
'Member IDs',
'Authorization details']},
'date_detected': '2025-08-27',
'date_publicly_disclosed': '2025-08-30',
'description': 'An Alabama-based health insurance company, Viva Health, '
'reported a data breach where a file containing limited '
'protected health information (PHI) was accessible on its '
'website from June 14, 2025, to August 27, 2025. The breach '
'affected 4,945 individuals, exposing Medicare Beneficiary '
'Identifiers (MBI), county of residence, member IDs, group '
'numbers, and authorization details. While unauthorized access '
'or download of the file was possible, there is no evidence of '
'misuse. Viva Health is offering affected individuals a free '
'year of credit monitoring and has notified state and federal '
'regulators.',
'impact': {'brand_reputation_impact': 'Potential reputational harm due to '
'exposure of protected health '
'information; apology issued to '
'affected members',
'data_compromised': ['Medicare Beneficiary Identifier (MBI)',
'County of residence',
'Viva Health Member ID',
'Group Number',
'Authorization Numbers (August–September '
'2024)',
'General details about prior authorization '
'requests (request/decision dates, approval '
'status, category descriptions)'],
'identity_theft_risk': 'Low (no SSNs, names, DOBs, or financial '
'details exposed)',
'payment_information_risk': 'None (no payment or financial details '
'compromised)',
'systems_affected': ['Public-facing website file storage']},
'investigation_status': 'Ongoing (comprehensive investigation initiated)',
'post_incident_analysis': {'corrective_actions': ['File removal',
'Security measures '
'strengthened (details '
'unspecified)'],
'root_causes': ['Improper access controls for a '
'file containing PHI on a public '
'website']},
'recommendations': ['Review and secure all public-facing files containing '
'sensitive data',
'Implement regular audits for exposed PHI or PII',
'Enhance employee training on data handling and website '
'security',
'Monitor for unauthorized access to sensitive files in '
'real-time'],
'references': [{'date_accessed': '2025-08-30',
'source': 'Viva Health Press Release'}],
'regulatory_compliance': {'regulations_violated': ['HIPAA (likely, due to PHI '
'exposure)'],
'regulatory_notifications': ['State and federal '
'regulators notified '
'in accordance with '
'applicable laws']},
'response': {'communication_strategy': ['Press release issued (August 30, '
'2025)',
'Direct notification to affected '
'individuals with advisory letters',
'Recommendations for members to '
'review health plan statements, place '
'fraud alerts, and monitor credit '
'reports'],
'containment_measures': ['File promptly removed from website'],
'incident_response_plan_activated': True,
'recovery_measures': ['Free year of credit monitoring via '
'Equifax for affected individuals'],
'remediation_measures': ['Strengthening security measures '
'(details unspecified)']},
'stakeholder_advisories': ['Apology issued to affected members',
'Guidance provided to monitor credit and health '
'statements'],
'title': 'Viva Health Data Breach Exposes Protected Health Information of '
'Nearly 5,000 Members',
'type': 'Data Breach',
'vulnerability_exploited': 'Improperly secured file on public-facing website'}