Virta Health Data Breach Exposes Sensitive PHI and PII

Published

June 15, 2026

Updated

June 15, 2026

Virta Health

Affected by the data breach? You may be entitled to compensation. Submit a claim today.

Virta Health Corp. and Virta Medical P.C., which together provide virtual care for patients with type 2 diabetes and other metabolic conditions, disclosed a data breach involving unauthorized access to a data repository containing sensitive personal and medical information. The total number of individuals affected has not been publicly disclosed.

An unauthorized third party potentially accessed files within a Virta Health data repository between March 19, 2026, and March 22, 2026. The affected repository was separate from Virta Health's current production platform.

Following a thorough review of the affected data, the company found that the types of information exposed included names, Social Security numbers, individual tax identification numbers, dates of birth, contact information, health insurance information, medical diagnosis information, medical condition or treatment information, dates of medical service, physician or medical facility information, medical record numbers and other unique health identifiers.

The breach was disclosed to the California Attorney General on June 12, 2026. The company also posted a notice of the data event on its website.

Virta Health's response to the breach

Virta Health is offering affected individuals 12 months of complimentary single bureau credit monitoring, single bureau credit report and single bureau credit score services.

To enroll in the free credit monitoring, affected individuals need to visit the enrollment portal and enter the unique code included in their notification letter. Enrollment must be completed within 90 days of the letter's date.

Virta Health has set up a dedicated assistance line to answer questions about the incident. The call center is available Monday through Friday from 8 a.m. to 8 p.m. Eastern Time, excluding major U.S. holidays. The phone number for the assistance line is included in each affected individual's notification letter.

Affected individuals may also contact the company by email at incident@virtahealth.com.