A data breach has compromised the personal patient information of a regional Medi-Cal Managed Care system. 

The data breach impacting Fresno-based CalViva Health members happened Jan. 25 and was announced last week. Health Net Community Solutions, Inc., CalViva’s business associate, discovered the cyberattack.

One of Health Net’s vendors, Accellion, experienced a file transfer platform that was compromised. The transfer allowed a malicious party to view or download data files dated from Jan. 7 to Jan 25. Health Net notified and confirmed to CalViva that the incident impacted some of its members.

Accellion is a third-party Palo Alto-based company that aims to prevent cybersecurity breaches. After cybersecurity forensics company FireEye Mandiant investigated the attack, it concluded that there are no other exploited gaps in Accellion’s system.

Health Net has since ceased using Accellion’s services, and has removed all CalViva Health data from Accellion’s systems.

There has been no indication that members’ information was used maliciously, but out of caution, CalViva Health recommends that potentially affected members take steps to secure their information. 

Individuals have been notified and offered resources including one year of free credit monitoring and identity theft protection services.

The news from CalViva comes on the heals of another local health care system, Saint Agnes, experiencing a data breach related to a sister hospital that was discovered on Jan. 6. 

CalViva is a Medi-Cal Managed Care system serving families in Fresno, Kings and Madera counties. It reported more than 358,000 members in its 2020 annual report.

CalViva Health said it is committed to protecting the privacy and security of their members’ information. Members can call 1-866-329-9984 for questions or concerns.