Welltok, a Denver-based company that provides software for healthcare organizations, discloses a data breach affecting 8 million users.
Initially, Welltok didn’t reveal the breach, but later, in a statement, it revealed that the threat actors had stolen information belonging to some 8,493,379 patients. The company detailed the scope of an incident in notice posted to the U.S. Department of Health and Human Services website.
Threat actors have gained access to affected patients’ names, email addresses, home addresses, and telephone numbers. The breach also compromised some individuals’ Social Security numbers, Medicare and Medicaid ID numbers, and certain health insurance information.
Welltok develops software that healthcare organizations such as hospitals use to share information with patients. It also provides an application for managing wellness programs. The patient data that the cyberattack compromised was entrusted to Welltok by more than a dozen healthcare organizations that use its software to support their work.
The company detailed that the hackers stole the data by breaching its deployment of MOVEit Transfer, a cloud service organization used to move data between internal applications. The hacking campaign was carried out by Clop, a ransomware group believed to be based in Russia.
In its breach disclosure, Welltok stated that the hackers gained access to its MOVEit Transfer deployment on June 26. The company claims the cyberattack occurred despite the fact that it had downloaded all the security patches provided by Progress Software. Welltok claims it implemented the updates as soon as they become available.
The breach at Welltok is the second largest cyberattack involving MOVEit Transfer by the number of people affected. In the largest breach, which affected government services company Maximus Inc., hackers as many as 11 million users’ data. Overall, it’s estimated that the MOVEit Transfer hacking campaign has compromised information belonging to about 62 million people.
Nice 👌