Get all your news in one place.
100’s of premium titles.
One app.
Start reading
TechRadar
TechRadar
Sead Fadilpašić

Over a million Welltok patients have private data leaked in latest MOVEit attack

Data.

The list of MOVEit victims has kept on growing, and can now have healthcare provider Welltok added to it.

TechCrunch found the company has begun sending out breach notifications to affected customers after filing a breach notification with the Maine Attorney General, outlining how, despite an initial investigation showing no evidence of compromise, a second analysis determined unauthorized access enabled via the MOVEit vulnerability.

Welltok also published an announcement on its website, in which it claimed hackers stole Social Security Numbers (SSN), Medicare and Medicaid ID numbers and, for some patients, health insurance data, along with names, birth dates, postal addresses, and healthcare information, with around 1.6 million people thought to have been affected overall.


More victims

The incident affected group healthcare plans for Stanford Health Care, Lucile Packard Children’s Hospital Stanford, Stanford Health Care Tri-Valley, Stanford Medicine Partners, and Packard Children’s Health Alliance, the company added. 

TechCrunch also believes Welltok may have not listed all of the affected clients. It found Corewell Health, Sutter Health, and St. Bernards, all confirming data breaches recently, and allegedly - all three were using Welltok for patient communication.

The firm, acquired by Virgin Pulse in November 2021, is a patient engagement company that encourages users to engage with their healthcare providers via text, email, social media, and similar.

In late May 2023, cybersecurity researchers determined that MOVEit, a well-known managed file transfer product, carried a major security flaw that allowed hackers to steal sensitive data. 

MOVEit was used by many organizations around the world, including SMBs and large enterprises and newer estimates show that more than 2,500 companies may have been affected by the breach. More than 60 million people have had their sensitive data stolen in the attack whose aftermath is still being uncovered today.

More from TechRadar Pro

Sign up to read this article
Read news from 100’s of titles, curated specifically for you.
Already a member? Sign in here
Related Stories
Top stories on inkl right now
Our Picks
Fourteen days free
Download the app
One app. One membership.
100+ trusted global sources.