Virta Medical Data Breach Investigation
According to a notice dated June 17, 2026, Virta Health Corp. and Virta Medical, P.C. reported a security incident involving a data repository separate from the current production platform. The company said certain files may have been accessed and that the information involved may have included Social Security numbers and health-related details. If you received a letter, it is important to review the notice, enroll in any offered credit monitoring, and monitor your accounts and explanation-of-benefits statements. If you want to understand your legal options, you can fill out the form on this page to contact Strauss Borrelli PLLC.
Virta Medical, P.C. is identified in the notice together with Virta Health Corp., which the letter refers to collectively as “Virta Health.” According to the notice, the organization had personal information in connection with Virta services people enrolled in or received through an employer, health plan, or other sponsoring organization. The structured filing data available for this post lists the entity in Colorado.
Key Facts at a Glance
- Company: Virta Medical, P.C., identified in the notice alongside Virta Health Corp.
- What was reported: According to the notice, unauthorized activity was identified in a data repository separate from the current production platform.
- When access may have occurred: March 19, 2026 to March 22, 2026.
- When the activity was discovered: March 24, 2026.
- When notice was sent: June 17, 2026.
- Information that may have been involved: name, Social Security number, date of birth, date of medical service, medical diagnosis information, physician or medical facility information, medical condition or treatment information, medical record number, and other unique health identifier.
- Affected population: The public notice reviewed here does not state how many individuals were affected.
- Support offered: The notice says 12 months of complimentary single-bureau credit monitoring, credit report, credit score services, and fraud assistance were offered.
What Happened?
According to the company’s notice, Virta Health identified unauthorized activity in late March 2026 involving a data repository that was separate from its current production platform. The notice says the company secured the environment, began an investigation, engaged external cybersecurity experts, and notified law enforcement.
The company further reported that certain files in that repository were potentially accessed during a several-day window. After reviewing the affected data, Virta Health stated that some personal information may have been exposed to an unauthorized third party. The notice also says there was no indication of misuse at the time the letters were sent.
What Information Was Exposed?
Based on the notice, the information that may have been involved included a person’s name together with highly sensitive identifiers and health-related details. Reported data elements may have included Social Security number, date of birth, date of medical service, medical diagnosis information, physician or medical facility information, medical condition or treatment information, medical record number, and another unique health identifier.
That combination can matter because it may create risks beyond ordinary spam or phishing. Social Security numbers can increase identity theft concerns, while medical and treatment information may raise privacy concerns and the possibility of medical-related fraud. The public materials reviewed do not clarify whether every affected individual had the same categories of information involved.
What Should You Do Next?
- Review the notice carefully and enroll in the offered monitoring. According to the letter, complimentary credit monitoring and related services are available for 12 months, and enrollment must be completed within 90 days of the letter date.
- Monitor your credit and financial accounts. Watch for unfamiliar accounts, charges, or credit inquiries. If something looks wrong, contact the relevant bank, lender, or credit bureau promptly.
- Check your health records and explanation-of-benefits statements. Look for services, prescriptions, or provider activity you do not recognize. If you see anything suspicious, contact your health plan or provider right away.
- Consider added safeguards. Depending on your situation, a fraud alert or security freeze may help reduce the risk of new-account fraud. Keep copies of any letters, screenshots, and notes of suspicious activity.
- Stay alert for follow-up scams. After a reported incident, scammers may send emails or texts that appear related to benefits, claims, or account verification. Avoid clicking unexpected links or sharing personal information unless you independently confirm the source.
- Ask questions and learn your options. The notice lists incident@virtahealth.com for incident-related questions. If you want to understand whether you may qualify for a claim, you can also fill out the form on this page to contact Strauss Borrelli PLLC.
Your Legal Rights
If your personal information was involved in a reported data incident, your rights may depend on the facts, the kinds of data at issue, and the laws that apply in your state. In some situations, affected individuals may seek to recover losses tied to identity theft, out-of-pocket expenses, time spent addressing fraud risks, or other harms related to the exposure of sensitive information. Whether any claim exists will depend on facts that may still be developing.
It can still be worth preserving documents now. Keep the notice letter, note any suspicious activity, save receipts for expenses related to credit protection or account remediation, and document the time you spend responding. This article is general information only and is not individualized legal advice.
Why Hire Strauss Borrelli PLLC?
Strauss Borrelli PLLC focuses on data breach and privacy incident matters and has experience evaluating reported security incidents affecting consumers. Our team works to identify what a company disclosed, what information may have been involved, and what practical and legal steps may be available to affected people.
We aim to give clear answers in plain English, not pressure. If you received a notice related to this reported incident and want help understanding your options, Strauss Borrelli PLLC can review the available facts and discuss what to do next. You can use the form on this page to reach out for a free case review.
If you received a breach notification letter from Virta Medical:
We would like to speak with you about your rights and potential legal remedies in response to this data breach. Please fill out the form below or contact us at 872.263.1100 or sam@straussborrelli.com.










