What happened in the VIVA Health data leak?

VIVA Health, an Alabama-based health insurance provider serving employees of UAB and Alabama Power, experienced a data leak that affected 4,945 of its members. A file containing protected health information had been inadvertently made publicly accessible on the company's website.

When was the VIVA Health data leak discovered?

VIVA Health discovered the data leak on August 27, 2025. However, the file containing protected health information had been inadvertently publicly accessible on the company's website since June 14, 2025, meaning the data was exposed for over two months before discovery.

How many VIVA Health members were affected by the data leak?

The data leak affected 4,945 VIVA Health members. The company has mailed notification letters to all affected members detailing the incident and providing guidance on protective steps they can take.

What types of sensitive information were exposed in the VIVA Health leak?

The exposed data includes Medicare Beneficiary Identifier (MBI) numbers, county of residence information, VIVA Health Member identification numbers, group numbers, authorization numbers for requests between August and September 2024, and general details about prior authorization requests including request and decision dates, approval status, and category descriptions.

What services does VIVA Health provide?

VIVA Health is an Alabama-based health insurance provider that specifically serves employees of UAB (University of Alabama at Birmingham) and Alabama Power. The company provides health insurance coverage and manages healthcare benefits for these employee groups.

What assistance is VIVA Health providing to affected members?

VIVA Health is offering one year of free credit monitoring to all affected individuals. The company has provided an enrollment deadline of September 30, 2026, for affected members to sign up for these protective services.

What steps has VIVA Health taken in response to the data leak?

VIVA Health initiated an investigation into the incident and reported it to state and federal regulators in accordance with applicable healthcare privacy laws. The company has also mailed notification letters to all 4,945 affected members providing details about the incident and guidance on protective measures.

What type of authorization information was included in the VIVA Health leak?

The leaked information included authorization numbers for requests between August and September 2024, along with general details about prior authorization requests such as request and decision dates, approval status, and category descriptions for services like skilled nursing facility or diagnostic lab services.

Incident

VIVA Health leaks data of nearly 5,000 Alabama members

published: Sept. 26, 2025

Learn More

VIVA Health, an Alabama-based health insurance provider serving employees of UAB and Alabama Power, is reporting a data leak that affected 4,945 of its members.

The company discovered on August 27, 2025, that a file containing protected health information had been inadvertently made publicly accessible on its website since June 14, 2025. Exposed data includes:

Medicare Beneficiary Identifier (MBI) numbers
County of residence information
VIVA Health Member identification numbers
Group numbers
Authorization numbers for requests between August and September 2024
General details about prior authorization requests, including request and decision dates, approval status, and category descriptions such as skilled nursing facility or diagnostic lab services

The company initiated an investigation and reported the incident to state and federal regulators in accordance with applicable healthcare privacy laws.

VIVA Health is offering one year of free credit monitoring to all affected individuals, with an enrollment deadline of September 30, 2026. The company has mailed notification letters to all 4,945 affected members detailing the incident and providing guidance on protective steps they can take.

VIVA Health leaks data of nearly 5,000 Alabama members

Read More
Arkansas Blue Cross and Blue Shield reports third …
Andesa Services reports MOVEit related data breach
Brighthouse Life Insurance reports data breach caused by …
Aetna Life Insurance reports data breach
Delaware Life Insurance Company reports data breach after …