Healthcare SaaS supplier Welltok is warning {that a} information breach uncovered the non-public information of almost 8.5 million sufferers within the U.S. after a file switch program utilized by the corporate was hacked in a knowledge theft assault.
Welltok works with well being service suppliers throughout the U.S., sustaining on-line wellness packages, holding databases with private affected person information, producing predictive analytics, and supporting healthcare wants like treatment adherence and pandemic response.
Earlier this yr, the Clop ransomware gang exploited a zero-day vulnerability within the MOVEit software program to breach hundreds of organizations worldwide, following up with extortion calls for and information leaks impacting over 77 million individuals.
Welltok printed a discover of a knowledge incident in late October, warning that its MOVEit Switch server was breached on July 26, 2023. This occurred regardless of making use of the safety updates as quickly as these had been made accessible by the seller.
Affected person information was uncovered through the breach, together with full names, electronic mail addresses, bodily addresses, and phone numbers. For some, it additionally consists of Social Safety Numbers (SSNs), Medicare/Medicaid ID numbers, and sure Well being Insurance coverage data.
The affect of the breach impacted establishments in varied states, together with Minnesota, Alabama, Kansas, North Carolina, Michigan, Nebraska, Illinois, and Massachusetts, with the next healthcare suppliers mentioned to be impacted:
- Blue Cross and Blue Protect of Minnesota and Blue Plus
- Blue Cross and Blue Protect of Alabama
- Blue Cross and Blue Protect of Kansas
- Blue Cross and Blue Protect of North Carolina
- Corewell Well being
- Religion Regional Well being Providers
- Hospital & Medical Basis of Paris, Inc. dba Horizon Well being
- Mass Common Brigham Well being Plan
- Precedence Well being
- St. Bernards Healthcare
- Sutter Well being
- Trane Applied sciences Firm LLC and/or group well being plans sponsored by Trane Applied sciences Firm LLC or Trane U.S. Inc.
- The group well being plans of Stanford Well being Care, of Stanford Well being Care, Lucile Packard Youngsters’s Hospital Stanford, Stanford Well being Care Tri-Valley, Stanford Drugs Companions, and Packard Youngsters’s Well being Alliance
- The Guthrie Clinic
Preliminary estimates in regards to the variety of impacted people different as Welltok didn’t instantly disclose this data.
Nevertheless, earlier at present, the agency reported on the U.S. Division of Well being and Human Providers breach portal that the information breach has been confirmed to affect 8,493,379 individuals.
This determine locations the Welltok breach because the second largest MOVEit information breach after companies contractor Maximus, whose information breach affected 11 million individuals.
