A Welltok data breach resulting from a MOVEit hack

The healthcare software company Welltok informed health plans nationwide about the MOVEit hack, which affected 8.5 million people.

The May 2023 MOVEit hack resulted in a data breach that affected 8.5 million people, as reported by Welltok, a healthcare software-as-a-service provider. This incident is one of the biggest breaches reported to HHS in 2023. As was previously mentioned, threat actors exploited a vulnerability in Progress Software’s MOVEit Transfer server, affecting MOVEit users all over the nation.

On May 31, Progress Software revealed the flaw and released a patch the same day.

According to Welltok’s notice, “Welltok had previously installed all published patches and security upgrades as soon as such patches were made available by Progress Software, the developer of the MOVEit Transfer tool.”

“In order to ascertain the possible impact of the vulnerabilities we were made aware of on the MOVEit Transfer server and the security of the data stored on the server, Welltok also carried out an examination of our systems and networks using all available information, and confirmed that there was no indication of any compromise at that time.”

However, after further investigation, Welltok discovered that some data had in fact been exfiltrated from the MOVEit Transfer server by an unauthorized actor who had taken advantage of the vulnerabilities. Welltok sent out notifications to millions of consumers on behalf of 20 healthcare organizations and plans, including Sutter Health, Mass General Brigham Health Plan, and Blue Cross and Blue Shield of Minnesota, Alabama, Kansas, and North Carolina, among others.

It’s possible that names, addresses, phone numbers, and email addresses were among the data compromised. A tiny number of Medicare/Medicaid ID numbers, health insurance details, and Social Security numbers were also compromised.

“We take great concern over the security of personal data under our control, as well as this incident. We responded to the incident and notified anyone who might have been impacted as soon as we learned about it,” Welltok said.

“To lessen the possibility of a similar future event, we are reviewing and improving our current policies and procedures related to data privacy as part of our ongoing commitment to the security of information.”

Data from 8.5 million US patients is exposed by the Welltok data breach

Some patients and clients of Premier Health are among the nearly 8.5 million individuals affected by the data breach.

“There exists information about you that has the potential to cause chaos in your life,” Salisbury stated.

Welltok makes software that allows hospitals, such as Premier, to communicate with their patients. In a letter to potentially affected parties, Welltok stated that although the breach occurred on May 30, it was not discovered until July 26.

“In actuality, healthcare data is fairly valuable,” Salisbury cautioned. “It is possible to fabricate identification documents, obtain equipment and medication for fictitious patients, and then resell those items on the illicit market.”

The letter says that data such as names, phone numbers, addresses, and Social Security and Medicare/Medicaid numbers might have been compromised. This isn’t always the most sought-after information, Salisbury warned.

“It’s possible that someone will give you a call and mention, ‘I saw that you had this medical treatment a few months ago. We will send collection agents after you if you don’t pay the $500 outstanding charge. I am from such and such billing company,’” he said.

Salisbury said, “If you receive one of these calls, pause and consider whether this narrative makes sense.” If in doubt, he suggested consulting the purported source.

“‘This is the IRS,’ they may call you and say. ‘You must pay these fees and complete this task,’” he said. “Is this how the IRS actually operates? I receive letters from the person I work with.”

Another option is an identity protection or credit monitoring service. In fact, Welltok is providing this to those who are affected.

Salisbury explained, “It’s just one more tool in your toolbox to help you determine whether or not information about you is out there.”

While the breach is worrying, Salisbury said there’s no need to worry about a single data breach.

He warned that you should be on the lookout for potential scammers, who now have more information at their disposal to craft a more compelling story to present to you. Stay aware of your credit accounts to make sure no one has opened new accounts in your name.



from Virtualattacks https://ift.tt/E6p1juo
