Pierluigi Paganini
November 23, 2023
Welltok is a company that specializes in health optimization solutions. It provides a platform that leverages data-driven insights to engage individuals in their health and well-being. The platform aims to personalize and optimize health programs for individuals, employers, health plans, and other organizations.
The company disclosed a data breach that exposed the personal data of nearly 8.5 million patients (8,493,379) in the U.S.. On July 26, 2023, threat actors hacked the company’s MOVEit Transfer server.
“On July 26, 2023, Welltok was alerted to an earlier alleged compromise of our MOVEit Transfer server in connection with software vulnerabilities made public by the developer of the MOVEit Transfer tool. Welltok had previously installed all published patches and security upgrades immediately upon such patches being made available by Progress Software, the developer of the MOVEit Transfer tool.” reads a notice published by the company. “After a full reconstruction of our systems and historical data, the investigation determined on August 11, 2023 that an unauthorized actor exploited software vulnerabilities, accessed the MOVEit Transfer server on May 30, 2023, and exfiltrated certain data from the MOVEit Transfer server during that time. “
The company was one of the victims of the large-scale hacking campaign exploiting a zero-day in MOVEit Transfer software.
Threat actors gained access to patient data, including full names, email addresses, physical addresses, and telephone numbers. For some of the impacted individuals, threat actors also gained access to Social Security Numbers (SSNs), Medicare/Medicaid ID numbers, and certain Health Insurance information.
The company has no evidence that any of patients’ information has been misused.
Welltok is providing notice to impacted individuals on behalf of the following organizations:
In August, cybersecurity firm Emsisoft shared disconcerting details about the recent, massive hacking campaign conducted by the Cl0p ransomware group that targeted the MOVEit Transfer file transfer platform designed by Progress Software Corporation.
According to the experts, the attacks impacted approximately 1,000 Organizations and 60,144,069 individuals. The Cl0p ransomware gang exploited the zero-day vulnerability CVE-2023-34362 to hack the platforms used by organizations worldwide and steal their data.
The data is sourced from state breach notifications, SEC filings, and other public disclosures, as well as the leak site maintained by the Cl0p group, and is current as of August 25, 2023.
The researchers reported that the attacks impacted tens of millions of individuals. Below is the list of organizations with the highest number of impacted individuals:
| Organization | Individuals |
| Maximus | 11 million |
| Pôle emploi | 10 million |
| Louisiana Office of Motor Vehicles | 6 million |
| Colorado Department of Health Care Policy and Financing | 4 million |
| Oregon Department of Transportation | 3.5 million |
| Teachers Insurance and Annuity Association of America | 2.6 million |
| Genworth | 2.5 million |
| PH Tech | 1.7 million |
| Milliman Solutions | 1.2 million |
| Wilton Reassurance Company | 1.2 million |
“U.S.-based organizations account for 83.9 percent of known victims, Germany-based 3.6 percent, Canada-based 2.6 percent, and U.K.-based 2.1 percent.” reads the report published by Emsisoft. “The most heavily impacted sectors are finance and professional services and education, which account for 24.3 percent and 26.0 percent of incidents respectively.”
Examining the table above, we can conclude that the Welltok data breach ranks third in terms of the number of affected people in the MOVEit data breaches.
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
(SecurityAffairs – hacking, MoveIT)
