Healthcare Data Breach Impacts Millions of Patients in the U.S.
Imagine waking up one day to find out that your personal information has been exposed to cybercriminals. A chilling thought, right? That’s precisely the unfortunate reality for nearly 8.5 million patients in the U.S. due to a data breach at healthcare SaaS provider Welltok.
The Culprit: MOVEit Software Vulnerability
Welltok is a company that works with health service providers all over the U.S., offering online wellness programs, maintaining databases with patients’ personal data, generating predictive analytics, and supporting healthcare needs like medication adherence and pandemic response. Earlier this year, the Clop ransomware gang took advantage of a zero-day vulnerability in the MOVEit software, causing breaches in thousands of organizations worldwide. This resulted in extortion demands and data leaks impacting over 77 million people.
Welltok’s Response and the Extent of the Breach
Welltok published a notice of the data incident in late October, stating that its MOVEit Transfer server was breached on July 26, 2023. This happened despite the company applying security updates as soon as they were made available by the vendor.
Detailed patient data was exposed during the breach, including full names, email addresses, physical addresses, and telephone numbers. For some people, Social Security Numbers (SSNs), Medicare/Medicaid ID numbers, and specific Health Insurance information were also compromised.
The breach impacted institutions in various states, such as Minnesota, Alabama, Kansas, North Carolina, Michigan, Nebraska, Illinois, and Massachusetts, with numerous healthcare providers affected:
- Blue Cross and Blue Shield of Minnesota and Blue Plus
- Blue Cross and Blue Shield of Alabama
- Blue Cross and Blue Shield of Kansas
- Blue Cross and Blue Shield of North Carolina
- Corewell Health
- Faith Regional Health Services
- Hospital & Medical Foundation of Paris, Inc. dba Horizon Health
- Mass General Brigham Health Plan
- Priority Health
- St. Bernards Healthcare
- Sutter Health
- Trane Technologies Company LLC and/or group health plans sponsored by Trane Technologies Company LLC or Trane U.S. Inc.
- The group health plans of Stanford Health Care, of Stanford Health Care, Lucile Packard Children’s Hospital Stanford, Stanford Health Care Tri-Valley, Stanford Medicine Partners, and Packard Children’s Health Alliance
- The Guthrie Clinic
Initially, the number of impacted individuals was unclear, as Welltok did not immediately disclose this information. However, the company recently reported to the U.S. Department of Health and Human Services breach portal that the data breach has been confirmed to impact 8,493,379 people. This staggering figure ranks the Welltok breach as the second-largest MOVEit data breach, following the Maximus breach that affected 11 million people.
Protect Your Business and Your Customers
As a business owner, it’s your responsibility to protect your customers’ data. This high-profile breach serves as a stark reminder of the potential consequences of failing to do so. Don’t let your business and customers become the next victims. Reach out to us today and learn how ZZ Servers can help you safeguard your valuable data and ensure the security of your online systems. Let’s work together to prevent future breaches and keep your customers’ information safe.