On January 31, 2023, US Wellness, a comprehensive wellness services company, announced that it had experienced a data security incident. The incident affected certain personal and/or protected health information (PHI) of some of the company's clients.
The incident was caused by a vulnerability in a third-party vendor's software that was used by US Wellness to manage its customer data. The vulnerability allowed an unauthorized individual to access and download a limited amount of PHI from the vendor's servers.
The affected PHI included names, addresses, dates of birth, member ID numbers, and other demographic information. However, no financial information or medical records were affected.
US Wellness has taken steps to secure its systems and prevent future incidents. The company has also notified the affected individuals and offered them free credit monitoring services.
How the data breach happened
The data breach was caused by a vulnerability in a third-party vendor's software that was used by US Wellness to manage its customer data. The vulnerability allowed an unauthorized individual to access and download a limited amount of PHI from the vendor's servers.
The vulnerability was discovered by the vendor and patched on January 31, 2023. However, the unauthorized individual had already accessed and downloaded the PHI before the vulnerability was patched.
What information was affected
The affected PHI included names, addresses, dates of birth, member ID numbers, and other demographic information. However, no financial information or medical records were affected.
What US Wellness is doing to protect its customers
US Wellness has taken steps to secure its systems and prevent future incidents. These steps include:
Encrypting all PHI stored on its systems
Implementing multi-factor authentication for all users
Conducting regular security audits
US Wellness has also notified the affected individuals and offered them free credit monitoring services.
What you can do to protect yourself
If you are one of the individuals affected by the US Wellness data breach, there are a few things you can do to protect yourself:
Sign up for free credit monitoring services: US Wellness is offering free credit monitoring services to all affected individuals. This will help you to detect any unauthorized activity on your credit report.
Place a fraud alert on your credit report: A fraud alert is a free service that tells creditors to take extra steps to verify your identity before opening a new account in your name.
Review your credit report for any unauthorized activity: You can get a free copy of your credit report from each of the three major credit bureaus once per year at annualcreditreport.com.
Be vigilant about your personal information: Be careful about who you share your personal information with, and make sure to use strong passwords and security practices.
How to protect yourself from data breaches
There are a few things you can do to protect yourself from data breaches:
Use strong passwords and security practices: This includes using different passwords for different accounts, and making sure your passwords are difficult to guess.
Be careful about what information you share online: Only share your personal information with trusted websites and organizations.
Keep your software up to date: Software updates often include security patches that can help to protect your devices from malware and other threats.
Be aware of the latest scams and phishing attacks: Scammers and phishers are constantly coming up with new ways to trick people into giving up their personal information. Be aware of the latest scams and phishing attacks, and don't click on links or open attachments from unknown senders.
By following these tips, you can help to protect yourself from data breaches.
Conclusion
The US Wellness data breach is a reminder that even the most secure companies can be vulnerable to cyberattacks. However, by following the tips above, you can help to protect yourself from data breaches and the consequences that can follow.
