Welltok Data Breach Affects 8.5 Million Patients: A Result of MOVEit Transfer Software Vulnerability

November 23, 2023

Welltok, a company offering health optimization solutions, has disclosed a data breach that has affected approximately 8.5 million patients in the U.S. The company's MOVEit Transfer server was compromised by hackers on July 26, 2023.

"On July 26, 2023, Welltok was alerted to an earlier alleged compromise of our MOVEit Transfer server in connection with software vulnerabilities made public by the developer of the MOVEit Transfer tool. Welltok had previously installed all published patches and security upgrades immediately upon such patches being made available by Progress Software, the developer of the MOVEit Transfer tool." stated the company in a notice.

The investigation, which involved a complete reconstruction of systems and historical data, confirmed on August 11, 2023, that an unauthorized actor had exploited software vulnerabilities and had accessed the MOVEit Transfer server on May 30, 2023. The perpetrator exfiltrated certain data during that time.

The breach was part of a larger hacking campaign that exploited a zero-day vulnerability in the MOVEit Transfer software. The threat actors accessed patient data including full names, email addresses, physical addresses, and telephone numbers. In some cases, they also obtained Social Security Numbers (SSNs), Medicare/Medicaid ID numbers, and certain health insurance information. Despite the breach, Welltok stated that there's no evidence of misuse of the patients' information.

The Cl0p ransomware group was identified as the perpetrator of the large-scale hacking campaign targeting the MOVEit Transfer platform. The group exploited the zero-day vulnerability CVE-2023-34362 to hack platforms worldwide and steal data. According to cybersecurity firm Emsisoft, the attacks have impacted about 1,000 organizations and over 60 million individuals.

The majority of the victims were U.S.-based organizations (83.9%), followed by Germany (3.6%), Canada (2.6%), and the U.K. (2.1%). The finance, professional services, and education sectors were the most affected, accounting for 24.3% and 26.0% of incidents respectively. The Welltok data breach was one of the most significant in the MOVEit data breaches, ranking third in the number of affected individuals.

Related News

• Data Breach at AutoZone: 185,000 Customers Impacted by MOVEit Hack
• SEC Probes Progress Software Over MOVEit Ransomware Attack
• Sony Interactive Entertainment Data Breach: Personal Information of 6,800 Individuals Exposed
• Over 2,000 Entities Hit by Cl0p Ransomware Group Exploiting MOVEit Vulnerability
• Clop Ransomware Attack on BORN Ontario Child Registry Impacts 3.4 Million Individuals

Latest News

• Critical Security Flaws in ownCloud File Sharing App Could Expose Admin Passwords
• Critical Microsoft Excel Vulnerability Exposed: Details on CVE-2023-36041
• Data Breach at AutoZone: 185,000 Customers Impacted by MOVEit Hack
• Urgent Warnings Issued on CitrixBleed Exploitation by LockBit Ransomware Gang
• Visual Studio Code RCE Vulnerability (CVE-2023-36742): Public PoC Exploit Revealed