On November 13, 2023, Davis Polk & Wardell, LLP (“Davis Polk”) filed a notice with the Attorney General of Vermont discussing a third-party data breach that occurred at one of the company’s vendors, Rightway Healthcare (“Rightway”). In this notice, Davis Polk explains that the incident resulted in an unauthorized party being able to access consumers’ sensitive information, which includes their names, Social Security numbers and dates of birth. Upon completing its investigation, Davis Polk began sending out data breach notification letters to all individuals whose information was affected by the recent data security incident.

If you received a letter from Davis Polk discussing the Rightway Healthcare data breach, it is essential you understand what is at risk and what you can do about it. A data breach lawyer can help you learn more about how to protect yourself from becoming a victim of fraud or identity theft, as well as discuss your legal options following the Rightway Healthcare data breach. For more information, please see our recent piece on the topic here.

What Caused the Rightway Healthcare Data Breach?

The Rightway Healthcare data breach was only recently announced, and more information is expected in the near future. However, Davis Polk’s filing with the Attorney General of Vermont provides some important information on what led up to the breach. According to this source, Rightway provides healthcare concierge services to Davis Polk. On October 19, 2023, Rightway notified Davis Polk about a data security incident that occurred on September 23, 2023.

While the letter does not provide many details about the attack, as a result of the incident, Rightway was able to determine that certain data in Rightway’s care was subject to unauthorized access.

In response, Davis Polk requested information about the incident and conducted its own investigation, confirming that the unauthorized party was able to access confidential information related to Davis Polk’s Human Resources Department.

After learning that sensitive consumer data was accessible to an unauthorized party, Davis Polk reviewed the compromised files to determine what information was leaked and which consumers were impacted. While the breached information varies depending on the individual, it may include your name, Social Security number and date of birth.

On November 13, 2023, Rightway Healthcare sent out data breach letters to anyone who was affected by the recent data security incident. These letters should provide victims with a list of what information belonging to them was compromised.

Notably, the Rightway Healthcare data breach appears to have impacted other corporate customers, including Okta. For example, the Maine Attorney General’s Data Breach Notifications page contains a listing for Okta, Inc. The linked data breach letter references the same Rightway Healthcare data breach, which impacted just under 5,000 Okta employees.

More Information About Rightway Healthcare

Founded in 2017, Rightway Healthcare is a healthcare software company based in New York, New York. Rightway creates software that helps consumers understand their coverage and provides concierge support for employees. Rightway Healthcare employs more than 200 people and generates approximately $42 million in annual revenue.