The Vitality Group, LLC

Your Personal Info Could Be

Exposed Online After

This Hospital Breach

Breach Description

The Vitality Group, LLC, experienced a data breach due to a vulnerability in the MOVEit file transfer software developed by Progress Software. The breach was first identified on June 1, 2023, when Vitality disconnected the MOVEit software from its server to prevent further unauthorized access[3]. The vulnerability allowed an unauthorized party to access and remove sensitive data, including names, Social Security numbers, mailing addresses, dates of birth, and health information of certain individuals[3][7].

The breach affected a total of 10,244 individuals, including 2 Maine residents[7]. Vitality Group began sending out data breach notification letters on July 6, 2023, to all affected individuals, advising them of the breach and the steps they could take to protect themselves[7]. The company also offered 24 months of credit monitoring and identity theft protection services through Experian to the impacted individuals[13][15].

Vitality Group is a healthcare software company based in Chicago, Illinois, that provides a mobile platform for health and wellness updates in real-time, encouraging users to prioritize their health through incentives, data, and behavioral science[1]. The software is used by more than 30 million people in 40 markets worldwide, and the company employs over 359 people with an annual revenue of approximately $99 million[1][3].

The breach was reported to various state attorneys general, including those of Montana, Massachusetts, and Maine[1][3][7]. As of the time of the reports, there was no indication that the impacted information had been misused[13].

Citations:

  1. https://www.jdsupra.com/legalnews/vitality-group-confirms-moveit-1611521/
  2. https://twitter.com/TeamVitality
  3. https://www.jdsupra.com/legalnews/the-vitality-group-provides-notice-of-8008517/
  4. https://www.johnhancock.com/index.html
  5. https://www.doj.nh.gov/consumer/security-breaches/documents/vitality-group-20230628.pdf
  6. https://www.lilly.com
  7. https://apps.web.maine.gov/online/aeviewer/ME/40/b44c74d9-1ffb-4e7a-8b27-32c946297225.shtml
  8. https://www.doterra.com/US/en
  9. https://www.idstrong.com/sentinel/vitality-moveit-data-breach/
  10. https://studyfinds.org/kiwis-boost-mood-4-days/
  11. https://www.myinjuryattorney.com/vitality-group-international-inc-data-breach-investigation/
  12. https://www.humana.com
  13. https://www.mass.gov/doc/assigned-data-breach-number-29905-the-vitality-group-llc/download
  14. https://www.healthline.com
  15. https://www.mass.gov/doc/assigned-data-breach-number-29905-the-vitality-group-llc-additional-information-7/download
  16. https://www.evernorth.com
Breach Submission Date Jul 11, 2023
Converted Entity Name The Vitality Group, LLC
Converted Entity Type Business Associate
State IL
Individuals Affected 17,971
Breach Type Hacking/IT Incident

Breach Information Location Network Server

Business Associate Present Yes