Welltok, a healthcare Software as a Service (SaaS) provider, has reported unauthorized access to its MOVEit Transfer server, impacting the personal information of nearly 8.5 million patients in the United States. The breach, detected on July 26, 2023, has raised concerns about the security of patient data and has significant implications for healthcare providers across various states.
Welltok Data Leaked Because of MOVEit
Welltok specializes in online wellness programs, predictive analytics, and supporting healthcare needs for providers nationwide. The breach, resulting from a MOVEit software vulnerability exploited by the Cl0p ransomware gang, allowed unauthorized access to confidential patient data.
Sensitive patient information compromised during the breach includes a whole lot of information. Among them are full names, email addresses, physical addresses, telephone numbers, Social Security Numbers (SSNs), Medicare/Medicaid ID numbers, and certain health insurance information. The breach has affected healthcare institutions in multiple states, with notable providers such as:
- Blue Cross and Blue Shield
- Corewell Health
- Mass General Brigham Health Plan
- Corewell Health
- Faith Regional Health Services
Welltok’s initial estimates didn’t disclose the full scale of impacted individuals. However, recent reports confirm that 8,493,379 people have been affected, making it the second-largest MOVEit data breach after Maximus. The breach’s ripple effect extends to various healthcare plans, emphasizing the widespread consequences for patients and healthcare providers.
Implications of Welltok Data Breach
Welltok sent out data breach letters to those impacted by the data security incident on November 17, 2023. The letters contain a list of compromised information.
A review of the affected files revealed that they contained sensitive information about health plan members, including their names, dates of birth, addresses, and health records. In addition, some individuals’ Social Security numbers, Medicare/Medicaid IDs, and health insurance information were also stolen. A substitute breach notification was uploaded to the Welltok website in October. However, the page was set as no-index, meaning it wouldn’t be indexed by search engines and would only likely be found by individuals who visited the website.
How to prevent data breaches?
To prevent data breaches, organizations should prioritize a comprehensive cybersecurity strategy. Begin by conducting regular security audits and implementing strong access controls, ensuring employees have minimal access privileges. Encrypt sensitive data both in transit and at rest, utilizing robust encryption methods. Keep systems updated with the latest security patches and employ multi-factor authentication to enhance access security.
Invest in employee training to raise awareness about cybersecurity risks, particularly phishing attacks. Secure network perimeters using firewalls and intrusion detection systems, monitoring user activities for any anomalies. Regularly back up critical data and establish a solid recovery plan to minimize downtime in case of a breach.
