Healthcare SaaS supplier Welltok is warning {that a} information breach uncovered the non-public information of almost 8.5 million sufferers within the U.S. after a file switch program utilized by the corporate was hacked in a knowledge theft assault.
Welltok works with well being service suppliers throughout the U.S., sustaining on-line wellness packages, holding databases with private affected person information, producing predictive analytics, and supporting healthcare wants like remedy adherence and pandemic response.
Earlier this yr, the Clop ransomware gang exploited a zero-day vulnerability within the MOVEit software program to breach hundreds of organizations worldwide, following up with extortion calls for and information leaks impacting over 77 million individuals.
Welltok printed a discover of a knowledge incident in late October, warning that its MOVEit Switch server was breached on July 26, 2023. This occurred regardless of making use of the safety updates as quickly as these have been made accessible by the seller.
Affected person information was uncovered in the course of the breach, together with full names, e mail addresses, bodily addresses, and phone numbers. For some, it additionally contains Social Safety Numbers (SSNs), Medicare/Medicaid ID numbers, and sure Well being Insurance coverage info.
The affect of the breach impacted establishments in varied states, together with Minnesota, Alabama, Kansas, North Carolina, Michigan, Nebraska, Illinois, and Massachusetts, with the next healthcare suppliers stated to be impacted:
- Blue Cross and Blue Protect of Minnesota and Blue Plus
- Blue Cross and Blue Protect of Alabama
- Blue Cross and Blue Protect of Kansas
- Blue Cross and Blue Protect of North Carolina
- Corewell Well being
- Religion Regional Well being Providers
- Hospital & Medical Basis of Paris, Inc. dba Horizon Well being
- Mass Common Brigham Well being Plan
- Precedence Well being
- St. Bernards Healthcare
- Sutter Well being
- Trane Applied sciences Firm LLC and/or group well being plans sponsored by Trane Applied sciences Firm LLC or Trane U.S. Inc.
- The group well being plans of Stanford Well being Care, of Stanford Well being Care, Lucile Packard Kids’s Hospital Stanford, Stanford Well being Care Tri-Valley, Stanford Medication Companions, and Packard Kids’s Well being Alliance
- The Guthrie Clinic
Preliminary estimates in regards to the variety of impacted people diverse as Welltok didn’t instantly disclose this info.
Nevertheless, earlier right this moment, the agency reported on the U.S. Division of Well being and Human Providers breach portal that the information breach has been confirmed to affect 8,493,379 individuals.
This determine locations the Welltok breach because the second largest MOVEit information breach after companies contractor Maximus, whose information breach affected 11 million individuals.