Affinity Legacy, Inc. (formerly known as Affinity Health Plan, Inc.) confirmed a recent data breach at a former third-party vendor, resulting in the theft of personal information belonging to 5,538 former Medicare Advantage members. Crucially, Affinity’s internal systems remained unaffected by the incident.
The impacted individuals were either past members of Affinity’s Medicare Advantage Plan pre-2019 or, post-2019, members of an EmblemHealth Medicare Advantage Plan.
The breach occurred at a third-party vendor providing claims processing services to Affinity Health Plan before 2019. This vendor received personal health information of Medicare members, and on June 21, 2023, discovered unauthorized access and file downloads from its MOVEit Secure File Transfer server between May 30 and June 2, 2023. An investigation by the vendor confirmed that files containing members’ personal health information were compromised. The breached information varied for each member but may include name, mailing address, date of birth, social security number, Medicare number, and/or medical diagnosis codes.
The MOVEit software, commonly used for file transfers among companies, reportedly impacted tens of millions of individuals and over 2,000 organizations across various industries worldwide, as per publicly available information.
Affinity collaborated with the vendor to comprehend the breach and is actively sending personalized notices to all affected members. These notices detail the incident and provide personalized information about the specific data breached for each member. Additionally, recipients of the notices are offered access to complimentary Personal Identity and Privacy Protection services through a reputable data breach response service provider.
For further details on this incident, individuals are directed to visit Affinity Legacy’s website: www.affinitylegacy.org
