Welltok data breach impacted 8.5 million patients in the U.S.

Pierluigi Paganini November 23, 2023

Healthcare services provider Welltok disclosed a data breach that impacted nearly 8.5 million patients in the U.S.

Welltok is a company that specializes in health optimization solutions. It provides a platform that leverages data-driven insights to engage individuals in their health and well-being. The platform aims to personalize and optimize health programs for individuals, employers, health plans, and other organizations.

The company disclosed a data breach that exposed the personal data of nearly 8.5 million patients (8,493,379) in the U.S. On July 26, 2023, threat actors hacked the company’s MOVEit Transfer server.

“On July 26, 2023, Welltok was alerted to an earlier alleged compromise of our MOVEit Transfer server in connection with software vulnerabilities made public by the developer of the MOVEit Transfer tool. Welltok had previously installed all published patches and security upgrades immediately upon such patches being made available by Progress Software, the developer of the MOVEit Transfer tool.” reads a notice published by the company. “After a full reconstruction of our systems and historical data, the investigation determined on August 11, 2023 that an unauthorized actor exploited software vulnerabilities, accessed the MOVEit Transfer server on May 30, 2023, and exfiltrated certain data from the MOVEit Transfer server during that time.”

The company was one of the victims of the large-scale hacking campaign exploiting a zero-day in MOVEit Transfer software.

Threat actors gained access to patient data, including full names, email addresses, physical addresses, and telephone numbers. For some of the impacted individuals, threat actors also gained access to Social Security Numbers (SSNs), Medicare/Medicaid ID numbers, and certain Health Insurance information.

The company has no evidence that any of the patients’ information has been misused.

Welltok is providing notice to impacted individuals on behalf of the following organizations:

  • Asuris Northwest Health
  • BridgeSpan Health
  • Blue Cross and Blue Shield of Minnesota and Blue Plus
  • Blue Cross and Blue Shield of Alabama
  • Blue Cross and Blue Shield of Kansas
  • Blue Cross and Blue Shield of North Carolina
  • Corewell Health
  • Faith Regional Health Services
  • Hospital & Medical Foundation of Paris, Inc. dba Horizon Health
  • Mass General Brigham Health Plan
  • Priority Health
  • Regence BlueCross BlueShield of Oregon
  • Regence BlueShield
  • Regence BlueCross BlueShield of Utah
  • Regence Blue Shield of Idaho
  • St. Bernards Healthcare
  • Sutter Health
  • Trane Technologies Company LLC and/or group health plans sponsored by Trane Technologies Company LLC or Trane U.S. Inc.
  • The group health plans of Stanford Health Care, of Stanford Health Care, Lucile Packard Children’s Hospital Stanford, Stanford Health Care Tri-Valley, Stanford Medicine Partners, and Packard Children’s Health Alliance
  • The Guthrie Clinic

In August, cybersecurity firm Emsisoft shared disconcerting details about the recent, massive hacking campaign conducted by the Cl0p ransomware group that targeted the MOVEit Transfer file transfer platform designed by Progress Software Corporation.

According to the experts, the attacks impacted approximately 1,000 organizations and 60,144,069 individuals. The Cl0p ransomware gang exploited the zero-day vulnerability CVE-2023-34362 to hack the platforms used by organizations worldwide and steal their data.

The data is sourced from state breach notifications, SEC filings, and other public disclosures, as well as the leak site maintained by the Cl0p group, and is current as of August 25, 2023.

The researchers reported that the attacks impacted tens of millions of individuals. Below is the list of organizations with the highest number of impacted individuals:

| Organization | Impacted individuals |
|---|---|
| Maximus | 11 million |
| Pôle emploi | 10 million |
| Louisiana Office of Motor Vehicles | 6 million |
| Colorado Department of Health Care Policy and Financing | 4 million |
| Oregon Department of Transportation | 3.5 million |
| Teachers Insurance and Annuity Association of America | 2.6 million |
| Genworth | 2.5 million |
| PH Tech | 1.7 million |
| Milliman Solutions | 1.2 million |
| Wilton Reassurance Company | 1.2 million |

“U.S.-based organizations account for 83.9 percent of known victims, Germany-based 3.6 percent, Canada-based 2.6 percent, and U.K.-based 2.1 percent.” reads the report published by Emsisoft. “The most heavily impacted sectors are finance and professional services and education, which account for 24.3 percent and 26.0 percent of incidents respectively.”

Examining the table above, we can conclude that the Welltok data breach ranks third in terms of the number of affected people in the MOVEit data breaches.


(SecurityAffairs – hacking, MoveIT)
