Welltok Data Breach Hits 8.5 Million American Citizens

Welltok, a prominent Healthcare SaaS provider, has reported a data breach that compromised the personal information of approximately 8.5 million patients in the United States. Welltok collaborates with healthcare providers nationwide, delivering online wellness programs, maintaining databases containing personal patient data, generating predictive analytics, and supporting healthcare requirements such as medication adherence and pandemic response.

The Welltok data breach transpired on July 26, 2023, when a file transfer program utilized by Welltok was exploited by external actors, resulting in unauthorized access.

The compromised data in the Welltok data breach encompasses:

  • Names
  • Addresses
  • Email addresses
  • Phone numbers
  • Social Security numbers
  • Medicare/Medicaid ID numbers
  • Health insurance information

The incident is attributed to the Clop ransomware gang, known for orchestrating other notable cyber attacks in recent months. The group leveraged a zero-day vulnerability in the MOVEit software to infiltrate Welltok’s systems.


Welltok data breach confirmed by officials

The company has officially confirmed the Welltok data breach and has taken immediate action. In a blog post about the breach, the company expressed its commitment to addressing the situation responsibly, informing affected healthcare providers, and collaborating with them to support impacted patients, stating:

“We take this event and the security of personal information in our care very seriously. Upon learning of this event, we moved quickly to investigate and respond to the event and notify potentially affected individuals. As part of our ongoing commitment to the security of information, we are reviewing and enhancing our existing policies and procedures related to data privacy to reduce the likelihood of a similar future event. We are notifying impacted individuals for whom a valid mailing address is available via U.S. mail and offering them credit monitoring and identity protection services. We are also notifying applicable regulators.”

Furthermore, Welltok is offering affected individuals complimentary credit monitoring and identity theft protection services. The company emphasized its dedication to data privacy and outlined plans to enhance existing policies and procedures to mitigate the risk of future incidents.

How did the Welltok data breach happen?

The breach timeline indicates that Welltok was alerted to a potential compromise on July 26 and promptly initiated an investigation, even though it had installed all available patches and security upgrades. Collaborating with cybersecurity experts, the company conducted a thorough examination of its systems and networks. The investigation concluded on August 11, 2023, confirming that the MOVEit Transfer server had been accessed without authorization on May 30, 2023, and that data had been exfiltrated.

Welltok undertook a meticulous review of the compromised data and confirmed on August 26, 2023, that specific information related to a group of individuals was present on the impacted server during the incident.


Take immediate action if you suspect you are affected by the Virgin Pulse data breach

The repercussions of the data breach at Welltok, which now operates under Virgin Pulse, extend to multiple healthcare providers in various states, including Minnesota, Alabama, Kansas, North Carolina, Michigan, Nebraska, Illinois, and Massachusetts.

Affected healthcare providers include:

  • Blue Cross and Blue Shield entities
  • Corewell Health
  • Faith Regional Health Services
  • Mass General Brigham Health Plan
  • Priority Health
  • St. Bernards Healthcare
  • Sutter Health
  • Trane Technologies Company LLC
  • Stanford Health Care
  • Lucile Packard Children’s Hospital Stanford
  • Stanford Medicine Partners
  • Packard Children’s Health Alliance
  • The Guthrie Clinic

Individuals who have received services from the mentioned healthcare providers and have not received communication from Welltok are advised to promptly contact the SaaS provider for further guidance.


How can affected individuals protect themselves?

Affected individuals can take several measures to safeguard themselves in the aftermath of the Welltok data breach. Welltok, in its commitment to addressing the situation responsibly, is offering affected individuals free credit monitoring and identity theft protection services.

To further enhance personal security, individuals are advised to consider the following steps:

  • Social Security Numbers: As Social Security numbers are sensitive and can be used for identity theft, consider placing a fraud alert on your credit reports. This can add an extra layer of protection by requiring verification when new accounts are opened
  • Medicare/Medicaid ID numbers: Monitor statements from Medicare/Medicaid for any unauthorized services. Report any discrepancies or suspicious activities promptly
  • Email addresses: Be cautious of phishing attempts via email. Avoid clicking on links or providing personal information in response to unsolicited emails. Verify the authenticity of emails before taking any action
  • Phone numbers: Be wary of unsolicited calls or messages asking for personal information. Avoid sharing sensitive details over the phone unless you can verify the identity of the caller
  • Update security measures: Update passwords for your online accounts, especially those linked to healthcare portals. Use strong, unique passwords for each account to enhance security

Should you change your Social Security Number?

We should clarify that changing your Social Security Number (SSN) is not a typical response to a security breach, even one as significant as the Welltok data breach. The steps to change your SSN are generally reserved for extreme cases of identity theft, harassment, abuse, or life-endangering situations. In the context of a data breach, the primary focus should be on monitoring and protecting your existing information rather than changing your SSN.

However, in response to the Welltok security breach, where sensitive information such as Social Security numbers was compromised, individuals should take proactive steps to safeguard their personal information as mentioned above.

