Healthcare SaaS supplier Welltok is warning {that a} data breach uncovered the non-public knowledge of almost 8.5 million sufferers within the U.S. after a file switch program utilized by the corporate was hacked in an information theft assault.
Welltok works with well being service suppliers throughout the U.S., sustaining on-line wellness packages, holding databases with private affected person knowledge, producing predictive analytics, and supporting healthcare wants like treatment adherence and pandemic response.
Earlier this 12 months, the Clop ransomware gang exploited a zero-day vulnerability within the MOVEit software program to breach 1000’s of organizations worldwide, following up with extortion calls for and knowledge leaks impacting over 77 million individuals.
Welltok revealed a discover of an information incident in late October, warning that its MOVEit Switch server was breached on July 26, 2023. This occurred regardless of making use of the security updates as quickly as these had been made accessible by the seller.
Affected person knowledge was uncovered through the breach, together with full names, electronic mail addresses, bodily addresses, and phone numbers. For some, it additionally contains Social Safety Numbers (SSNs), Medicare/Medicaid ID numbers, and sure Well being Insurance coverage info.
The affect of the breach impacted establishments in numerous states, together with Minnesota, Alabama, Kansas, North Carolina, Michigan, Nebraska, Illinois, and Massachusetts, with the next healthcare suppliers stated to be impacted:
- Blue Cross and Blue Defend of Minnesota and Blue Plus
- Blue Cross and Blue Defend of Alabama
- Blue Cross and Blue Defend of Kansas
- Blue Cross and Blue Defend of North Carolina
- Corewell Well being
- Religion Regional Well being Companies
- Hospital & Medical Basis of Paris, Inc. dba Horizon Well being
- Mass Common Brigham Well being Plan
- Precedence Well being
- St. Bernards Healthcare
- Sutter Well being
- Trane Applied sciences Firm LLC and/or group well being plans sponsored by Trane Applied sciences Firm LLC or Trane U.S. Inc.
- The group well being plans of Stanford Well being Care, of Stanford Well being Care, Lucile Packard Kids’s Hospital Stanford, Stanford Well being Care Tri-Valley, Stanford Drugs Companions, and Packard Kids’s Well being Alliance
- The Guthrie Clinic
Preliminary estimates in regards to the variety of impacted people diversified as Welltok didn’t instantly disclose this info.
Nonetheless, earlier right this moment, the agency reported on the U.S. Division of Well being and Human Companies breach portal that the data breach has been confirmed to affect 8,493,379 individuals.
This determine locations the Welltok breach because the second largest MOVEit data breach after providers contractor Maximus, whose data breach affected 11 million individuals.
