Affinity Legacy, Inc. reports MOVEit related data breach

Affinity Legacy, Inc., previously Affinity Health Plan, Inc., is reporting a data breach at a former third-party vendor that led to the theft of personal information of 5,538 former Medicare Advantage members. Based in the Bronx, New York, Affinity Legacy, Inc. is a not-for-profit organization focused on supporting underserved individuals, families, and communities in New York City and surrounding counties through grants to community-based organizations.

This incident, which did not affect Affinity's systems, involved former members of Affinity's Medicare Advantage Plan pre-2019 or EmblemHealth Medicare Advantage Plan members post-2019.

The vendor, offering claims processing services to Affinity before 2019, reported unauthorized access and downloading of files from its MOVEit Secure File Transfer server between May 30 and June 2, 2023.

The compromised data varied per member but may include:

• names,
• addresses,
• birth dates,
• social security numbers,
• Medicare numbers,
• medical diagnosis codes.

Affinity is contacting affected members with personalized notices detailing the breach and offering complimentary Personal Identity and Privacy Protection. More information is available at www.affinitylegacy.org.