An Alabama-based health insurance company said nearly 5,000 of its members have been affected by a data breach that leaked protected health information online.
Viva Health, an insurance provider for UAB and Alabama Power employees, said in a press release Friday that they identified a data breach on Aug. 27 and limited protected health information was shared.
“VIVA Health identified a file on its website that contained limited protected health information,” the company said in the release. “The file had been accessible from June 14, 2025, to Aug. 27, 2025. Upon identification, the file was promptly removed, and a comprehensive investigation was initiated. The incident has been reported to state and federal regulators in accordance with applicable laws.”
According to the release, 4,945 individuals were affected, and the following information was involved:
- Medicare Beneficiary Identifier (MBI)
- County of residence
- VIVA Health Member ID and Group Number
- Authorization Numbers for requests between August and September 2024
- General details about prior authorization requests (e.g., request and decision dates, approval status, and category descriptions such as skilled nursing facility or diagnostic lab)
The insurance company said unauthorized individuals could have accessed, copied or downloaded the file during the time it was available online, but there is no evidence that any information has been misused.
Sensitive information like Social Security numbers, names, dates of birth, home addresses, payment and financial details were not hacked.
Viva Health, which covers 100,000 individuals and is part of the UAB health system, said they are strengthening security measures and is offering a free year of credit monitoring through Equifax to affected individuals.
They are notifying anyone affected by the breach and recommending they review health plan statements and Explanation of Benefits, place fraud alerts on their credit reports and monitor their credit reports for unusual activity.
“We regret this incident and sincerely apologize for any concern it may cause,” a letter sent to affected individuals read. “We take the protection of your health information very seriously and are committed to protecting your information and maintaining your trust.”
If you purchase a product or register for an account through a link on our site, we may receive compensation. By using this site, you consent to our User Agreement and agree that your clicks, interactions, and personal information may be collected, recorded, and/or stored by us and social media and other third-party partners in accordance with our Privacy Policy.
Source: Alabama-based health insurance company hit by data breach affecting 5,000 customers
