We are notifying you of a recent data security incident that may have involved protected health information, as required under the HIPAA Breach Notification Rule (45 C.F.R. §§ 164.400–414). Valley Family Health Care is committed to safeguarding the privacy and security of the information entrusted to us.  This notice is intended to inform you of what occurred, the information involved, the actions taken in response, and the resources available to you.

On December 9, 2025, Valley Family Health Care was advised by our Electronic Medical Record (EMR) provider, OCHIN, that their business associate, TriZetto Provider Solutions (TPS) became aware of suspicious activity within a web portal that OCHIN uses to access TPS’ systems. Upon discovering the incident, TPS launched an investigation and took steps to mitigate the issue. TPS also engaged external cybersecurity experts and notified law enforcement. TPS determined that, beginning in November 2024, an unauthorized actor began accessing some records related to insurance eligibility verification transactions that healthcare providers process to assess insurance coverage for treatment services they provide to patients. A thorough review of the affected data was conducted to identify what information was involved and the individuals to whom the data related.

After becoming aware of the incident, TPS immediately took additional protective measures to safeguard its systems and worked with leading cybersecurity experts to conduct a comprehensive investigation of the incident. TPS notified law enforcement and is cooperating with their investigation. TPS has eliminated the threat to the environment. To help prevent similar incidents from happening in the future, TPS implemented and is continuing to implement additional security protocols designed to enhance the security of its services.

The protected health information that may have been accessed varied by individual and may include name, address, date of birth, social security number, health insurance member number (including Medicare beneficiary identifiers), health insurer name, provider name, primary insured or dependent information, and other demographic, health, and health insurance information. No payment card, bank account, or other financial information was involved.

To help mitigate any potential risk to your personal information, TPS is offering affected individuals complimentary Single-Bureau Credit Monitoring, a Single-Bureau Credit Report, and a Single-Bureau Credit Score at no cost from Kroll, a company specializing in fraud assistance and remediation services. You will receive a separate notification from Kroll on or about February 9, 2026, with instructions on how to enroll in these services. We encourage you to take advantage of this offer.

At this time, Valley Family Health Care is not aware of any misuse of your information and believes that the TPS system’s error has been remediated. Nevertheless, we recommend that you remain vigilant by reviewing your account statements and credit reports for any unauthorized or suspicious activity. If you identify any concerns, you should promptly notify your financial institutions.

What TPS is Doing.

After becoming aware of the incident, TPS immediately took additional protective measures to safeguard its systems and worked with leading cybersecurity experts to conduct a comprehensive investigation of the incident. TPS notified law enforcement and is cooperating with their investigation. TPS has eliminated the threat to the environment. To help prevent similar incidents from happening in the future, TPS implemented and is continuing to implement additional security protocols designed to enhance the security of its services.

What You Can Do.

While no payment card, bank account, or other financial information was involved, and TPS has no evidence that any of your information has been subject to identity theft or fraud, you should always remain alert by regularly reviewing your account statements and monitoring free credit reports and immediately reporting to your banks and other financial institutions any suspicious activity involving your accounts. The enclosed “General Information about Identity Theft Protection” Attachment B provides further information about ways to do this. We also encourage you to enroll in the identity monitoring services that we have offered to you.

Valley Family Health Care takes its obligations to protect the privacy and security of protected health information seriously. We regret that this incident occurred and understand the importance of maintaining the confidentiality of patient information entrusted to us. If you have questions or would like additional information regarding this matter, the letter you will receive on or by February 9th will contain a phone number to a help line and additional information. Additional, you can contact WHO

Respectfully,

Valley Family Health Care