The Vitality Group, LLC
Your Personal Info Could Be
Exposed Online After
This Hospital Breach
Breach Description
The Vitality Group, LLC, experienced a data breach due to a vulnerability in the MOVEit file transfer software developed by Progress Software. The breach was first identified on June 1, 2023, when Vitality disconnected the MOVEit software from its server to prevent further unauthorized access[3]. The vulnerability allowed an unauthorized party to access and remove sensitive data, including names, Social Security numbers, mailing addresses, dates of birth, and health information of certain individuals[3][7].
The breach affected a total of 10,244 individuals, including 2 Maine residents[7]. Vitality Group began sending out data breach notification letters on July 6, 2023, to all affected individuals, advising them of the breach and the steps they could take to protect themselves[7]. The company also offered 24 months of credit monitoring and identity theft protection services through Experian to the impacted individuals[13][15].
Vitality Group is a healthcare software company based in Chicago, Illinois, that provides a mobile platform for health and wellness updates in real-time, encouraging users to prioritize their health through incentives, data, and behavioral science[1]. The software is used by more than 30 million people in 40 markets worldwide, and the company employs over 359 people with an annual revenue of approximately $99 million[1][3].
The breach was reported to various state attorneys general, including those of Montana, Massachusetts, and Maine[1][3][7]. As of the time of the reports, there was no indication that the impacted information had been misused[13].
Citations:
- https://www.jdsupra.com/legalnews/vitality-group-confirms-moveit-1611521/
- https://twitter.com/TeamVitality
- https://www.jdsupra.com/legalnews/the-vitality-group-provides-notice-of-8008517/
- https://www.johnhancock.com/index.html
- https://www.doj.nh.gov/consumer/security-breaches/documents/vitality-group-20230628.pdf
- https://www.lilly.com
- https://apps.web.maine.gov/online/aeviewer/ME/40/b44c74d9-1ffb-4e7a-8b27-32c946297225.shtml
- https://www.doterra.com/US/en
- https://www.idstrong.com/sentinel/vitality-moveit-data-breach/
- https://studyfinds.org/kiwis-boost-mood-4-days/
- https://www.myinjuryattorney.com/vitality-group-international-inc-data-breach-investigation/
- https://www.humana.com
- https://www.mass.gov/doc/assigned-data-breach-number-29905-the-vitality-group-llc/download
- https://www.healthline.com
- https://www.mass.gov/doc/assigned-data-breach-number-29905-the-vitality-group-llc-additional-information-7/download
- https://www.evernorth.com