Data of 8.5 million patients compromised in the United States

Emre Çitak
Nov 23, 2023
Updated • Nov 23, 2023

Healthcare SaaS provider Welltok has disclosed a data breach that has compromised the personal information of nearly 8.5 million patients in the United States.

Welltok works with healthcare providers across the US, providing online wellness programs, maintaining databases with personal patient data, generating predictive analytics, and supporting healthcare needs such as medication adherence and pandemic response.

The Welltok data breach occurred on July 26, 2023, when a file transfer program used by Welltok was hacked. The exposed data includes names, addresses, email addresses, phone numbers, and, for some individuals, Social Security numbers, Medicare/Medicaid ID numbers, and health insurance information.

The Welltok data breach is believed to have been caused by the Clop ransomware gang, which has been responsible for other high-profile attacks in recent months. The gang exploited a zero-day vulnerability in the MOVEit software to gain access to Welltok's systems.

Welltok data breach affected around 8.5 million patients in the United States

Welltok data breach has been confirmed by the company

As mentioned in its blog post, Welltok has notified affected healthcare providers and is working with them to provide support to patients. The company is also offering affected patients free credit monitoring and identity theft protection services. Its statement reads:

“We take this event and the security of personal information in our care very seriously. Upon learning of this event, we moved quickly to investigate and respond to the event and notify potentially affected individuals. As part of our ongoing commitment to the security of information, we are reviewing and enhancing our existing policies and procedures related to data privacy to reduce the likelihood of a similar future event. We are notifying impacted individuals for whom a valid mailing address is available via U.S. mail and offering them credit monitoring and identity protection services. We are also notifying applicable regulators.”

How did the Welltok data breach happen?

On July 26, 2023, Welltok was alerted to a potential compromise of its MOVEit Transfer server due to known software vulnerabilities. Although it had promptly installed all available patches and security upgrades, Welltok launched an investigation to determine the extent of the potential breach.

With the assistance of cybersecurity experts, Welltok conducted a thorough examination of its systems and networks, including historical data, to identify any hidden vulnerabilities and assess the security of the data stored on the MOVEit Transfer server.

On August 11, 2023, the investigation concluded that an unauthorized actor had exploited software vulnerabilities to access the MOVEit Transfer server on May 30, 2023, and exfiltrated certain data.

Welltok immediately embarked on a detailed reconstruction and review of the data stored on the server at the time of the breach to determine the nature and extent of the compromised information. On August 26, 2023, Welltok confirmed that data related to a specific group of individuals was present on the impacted server during the incident.

The company said that the Welltok data breach happened during a server transfer

Multiple providers affected

The Welltok data breach impacted healthcare providers in several states, including Minnesota, Alabama, Kansas, North Carolina, Michigan, Nebraska, Illinois, and Massachusetts.

Affected healthcare providers include:

  • Blue Cross and Blue Shield of Minnesota and Blue Plus
  • Blue Cross and Blue Shield of Alabama
  • Blue Cross and Blue Shield of Kansas
  • Blue Cross and Blue Shield of North Carolina
  • Corewell Health
  • Faith Regional Health Services
  • Hospital & Medical Foundation of Paris, Inc. dba Horizon Health
  • Mass General Brigham Health Plan
  • Priority Health
  • St. Bernards Healthcare
  • Sutter Health
  • Trane Technologies Company LLC and/or group health plans sponsored by Trane Technologies Company LLC or Trane U.S. Inc.
  • The group health plans of Stanford Health Care, Lucile Packard Children’s Hospital Stanford, Stanford Health Care Tri-Valley, Stanford Medicine Partners, and Packard Children’s Health Alliance
  • The Guthrie Clinic

If you have received services from any of the healthcare providers listed above and have not received any mail from Welltok, we recommend that you contact the SaaS provider.

Featured image credit: Welltok.

