Affinity Legacy Inc. (formerly known as Affinity Health Plan, Inc.) has confirmed a data breach at a former third-party vendor resulted in the theft of personal data from 5,538 former Medicare Advantage members.
Affinity is a Bronx-based nonprofit that addressed the health care needs of underserved communities through grants to community-based organizations in Westchester, Rockland and Orange counties plus New York City and Long Island – stated the impacted individuals were former members of Affinity’s Medicare Advantage Plan prior to 2019 or members of an EmblemHealth Medicare Advantage Plan after 2019. The vendor, which was not publicly identified, determined that an unauthorized party had accessed and downloaded certain files from its MOVEit Secure File Transfer server between May 30 and June 2.
The breached personal information may include name, mailing address, date of birth, social security number, Medicare number and/or medical diagnoses codes. Impacted members have been contacted directly and were provided information on how to access complimentary Personal Identity and Privacy Protection through a national leader in data breach response services.
Affinity added that its systems were not impacted by this incident.
