Health insurance company in Alabama faces data breach impacting 5,000 customers

Data Breach Affects Thousands of Alabama Health Insurance Members

A health insurance company based in Alabama has reported that nearly 5,000 of its members were impacted by a data breach that exposed sensitive health information online.

Viva Health, in conjunction with Alabama’s electricity employee insurance providers, announced in a press release that they discovered the breaches on August 27th. They noted that a limited amount of protected health information was compromised during this incident.

The company mentioned that it found files on its website containing some health information. “This file was accessible from June 14, 2025, to August 27, 2025,” they stated. Once it was discovered, the file was promptly removed, and a thorough investigation was initiated. Officials have reported this incident to relevant state and federal authorities as required by law.

The release specified that 4,945 individuals were affected, and the information involved included:

Medicare Beneficiary Identifier (MBI)

Residence County

Viva Health Member ID and group number

Permission number for requests between August and September 2024

General details about advance permission requests, such as request dates, approval status, and descriptions related to skilled nursing facilities and diagnostic labs

While unauthorized individuals may have accessed, copied, or downloaded these files while they were online, there’s no current evidence suggesting that the information has been misused.

However, it’s worth noting that confidential details such as Social Security numbers, names, dates of birth, home addresses, and payment information were not compromised.

Viva Health, which serves around 100,000 individuals and is part of the UAB Health System, indicated that it is enhancing security protocols and providing affected individuals with complimentary credit monitoring services from Equifax.

They advise those impacted to notify affected individuals, examine health plan statements, place fraud alerts on credit reports, and keep an eye out for unusual credit activities.

In a letter to those affected, the company expressed regret for the incident: “We sincerely apologize for any concerns this may cause. We take your health information very seriously and are committed to protecting your information and maintaining your trust.”