MOVEit hack impacts over 1.6M Welltok patients

TechCrunch reports that Denver-based patient engagement firm Welltok had sensitive data from over 1.6 million individuals compromised after its MOVEit file transfer server was subjected to a widespread hack by the Cl0p ransomware operation. Information exfiltrated by attackers included patients' names, birthdates, addresses, and health details, as well as some patients' Social Security numbers, health insurance data, and Medicare and Medicaid numbers, according to the Virgin Pulse-owned health platform. While Stanford Health Care, Stanford Health Care Tri-Valley, Stanford Medicine Partners, Lucile Packard Children's Hospital Stanford, and Packard Children's Health Alliance have already been informed regarding the compromise of their group health plans as a result of the breach, Welltok has not yet accounted other healthcare providers, including Corewell Health, Sutter Health, and St. Bernards, which have cumulatively reported the compromise of data belonging to nearly 1.9 million patients due to the Welltok breach. More than 2,600 organizations and over 77 million individuals around the world have already been impacted by the MOVEit hack, most of which are in the U.S., said Emsisoft.