Healthcare services provider Welltok disclosed a data breach that impacted nearly 8.5 million patients in the U.S.
The company was one of the victims of the large-scale hacking campaign exploiting a zero-day in MOVEit Transfer software.
Threat actors were able to obtain patient information, including phone numbers, physical addresses, email addresses, and full names. Threat actors also obtained specific health insurance details, Medicare/Medicaid ID numbers, and Social Security numbers (SSNs) for some of the affected individuals.
The following organisations, on behalf of which Welltok is delivering notice to affected individuals, are Asuris Northwest Health, BridgeSpan Health, Blue Cross and Blue Shield of Minnesota, Blue Cross and Blue Shield of Alabama, Blue Cross and Blue Shield of Kansas, Blue Cross and Blue Shield of North Carolina, Corewell Health, Faith Regional Health Services, Mass General, Brigham Health Plan, Priority Health, Regence BlueCross BlueShield of Oregon, Regence BlueShield, Regence BlueCross BlueShield of Utah, Regence Blue Shield of Idaho, St. Bernards Healthcare, and Sutter Health.
Source: https://securityaffairs.com/154663/data-breach/welltok-data-breach-11m-patients.html
"id": "BRI353271123",
"linkid": "bridgespan-health",
"type": "Breach",
"date": "11/2023",
"severity": "60",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"