- Don't Forget This: Study Shows Cannabis Exacts a Toll on Your Memory
- Want To Stress Less? Start With These Everyday Habits
- Journalists Shine Light on Out-of-Reach Insurance Prices, AI’s Role in Claims Disputes, and Susie Wiles
- Arizona behavioral health center adds 10 adolescent beds
- The explosion of the Medicare Advantage special needs plan
- The explosion of the Medicare Advantage special needs plan
- We’re Great Thinkers…But Not Rethinkers
- North Star to cut additional jobs
- North Star to cut additional jobs
- Oregon Governor asks PeaceHealth to delay contract switch: 11 things to know
- 6 Optum updates to know from Q1
- Viewpoint: US nursing workforce faces several risks
- The shifting dental hygiene landscape
- 12 dental insurance updates in 30 days
- ‘The 1980s called’: CMS to phase out fax, mail
- ‘The 1980s called’: CMS to phase out fax, mail
- Aligning IT & clinical teams: How to reduce friction and improve communication
- AI tool targets billing gaps at Kentucky system
- AI in pharmacy: Why pilots stall at hospitals
- 37 recent hospital, health system executive moves
- This ASC startup is wiring AI into the fabric of outpatient surgery
- Springer Nature retracts 38 papers over autism dataset
- Intermountain plans new outpatient clinic
- Legacy Health, Regence BCBS face looming contract expiration
- Meet the COOs of the largest DSOs
- Michigan bills target outpatient fees, CON requirements
- Anesthesia group, lawmakers oppose Medicare cuts to non-opioid pain treatment
- Iowa lifts emergency suspension of transplant surgeon’s license
- Vascular center, physician CEO to pay $4M to settle fraud allegations
- In the Affordability Alphabet Soup of the ACA and EHBs, a Link to Higher Premiums Isn’t Clear-Cut
- 5 cardiologists stepping into leadership roles
- New York organizations partner on intellectual, developmental disabilities campus
- Cincinnati hospital acquires outpatient center for $6M
- CMS final rule aims to ax the fax machine, phase out paper mailing
- 24 profitable health systems in 2025
- How 2 CFOs plan for uncertainty
- Heartland Dental expands with Texas affiliation
- MD Anderson opens colorectal cancer center
- SALT Dental Partners adds Washington practice
- 11 dental school updates to know
- 6 health systems seeking revenue cycle executive directors
- Remarks at The SEC Speaks in 2026: From Kitchen Table to Cap Table—Making Capital Formation Work for Small Businesses
- Integrated care model drives 76% depression improvement in 44 days: Study
- Heart Benefits From GLP-1 Drugs Fade After Stopping, Study Finds
- Survey Shows More People Struggling To Afford ACA Insurance
- Up to 155,000 COVID Deaths May Not Have Been Counted, Study Finds
- FDA Drops Plan To Ban Tanning Beds for Minors Nationwide
- Idaho bill proposes consolidating dental regulatory oversight
- Washington hospital charts path to preserve primary care
- 4 DSOs making headlines
- 6 state behavioral health policy updates
- 80% of returning ACA enrollees report higher healthcare costs in 2026
- Fitch downgrades HonorHealth’s credit rating
- NYC Health + Hospitals names dentistry, oral surgery leaders
- Mindray North America Enters Ventilator Market
- Mindray North America Enters Ventilator Market
- LivaNova Receives FDA Premarket Approval for to treat Moderate to Severe Obstructive Sleep Apnea
- LivaNova Receives FDA Premarket Approval for to treat Moderate to Severe Obstructive Sleep Apnea
- Perfuze Receives FDA 510(k) Clearance for Millipede88 Aspiration Catheter
- Perfuze Receives FDA 510(k) Clearance for Millipede88 Aspiration Catheter
- EPA proposes new rule on Ethylene Oxide Emissions: Could Loosen Limits on Medical Device Sterilization
- EPA proposes new rule on Ethylene Oxide Emissions: Could Loosen Limits on Medical Device Sterilization
- With Novo's semaglutide going off patent, Indian drugmakers set to launch their cheaper generics
- Sanofi backs 2 more documentary films about rare blood disorders
- ACIP member's miscommunication on vaccine panel's future adds to confusion after court ruling
- Rhythm's Imcivree scores 'transformative' FDA approval in brain damage-related obesity
- Some Patients With ADHD and Addiction History Missing Out
- Social Media Poses Risks to Children's Mental Health, Review Concludes
- Does Closing Your Eyes Help You Hear Better?
- 'Early Bird' Exercisers Get The Most Health Benefits, Study Finds
- High Blood Pressure Deaths Quadruple Among Young Women, Study Finds
- Meningitis Vaccine Doesn't Protect Gay, Bisexual Men From Gonorrhea, Clinical Trial Concludes
- ‘How Low Can You Go?’ The Shifting Guidelines for Blood Pressure Control
- Listen: Trump’s NIH ‘Reset’ Is Driving Away Scientists
- Oz Escalates Medicaid Fraud Claims Against States After Focus on Minnesota
- Mississippi to fund clinical trials for psychedelic drug
- Lawmakers push bill to boost mental health workforce, diversity
- Florida State partners with behavioral health provider on research
- Utah governor signs hygienist autonomy bill
- UHS CEO: Talkspace deal builds 1st national ‘end-to-end’ behavioral model
- Psychedelic therapy shows no benefit over antidepressants: Study
- What the Health? From KFF Health News: RFK Jr.’s Vaccine Schedule Changes Blocked — For Now
- Verily banks $300M to accelerate AI road map, transitions to independent company
- KFF: ACA plan enrollees report rising costs for 2026 coverage
- Industry Voices—Stop buying AI tools, start designing AI architecture
- CSL warns of supply shortfall, treatment delays for hemophilia gene therapy Hemgenix
- 10K Corewell Health nurses vote to authorize labor strike
- Providence mulling sale of its health plan amid financial pressures
- Fierce Pharma Asia—World's 1st brain chip nod; AZ's cell therapy bet; Astellas-CytomX breakup
- Gut Microbiome May Take Years to Recover From Antibiotic Use
- Prepared Remarks Before SEC Speaks
- The Art and Science of Materiality
- Capital, Choice, and the Pursuit of Happiness: Remarks at The SEC Speaks in 2026
- Novo's Wegovy HD passes muster under FDA national priority voucher program
- Hospital operations begin 2026 with depressed margins amid low volumes, high labor spend
- The Math Behind Eczema Flare-Ups May Finally Add Up
- Male preconception startup Upstream announces donor-matching platform
- Women's health sector could grow to $600B industry by 2030: PwC report
- Democratic senators detail plans to take on 'Big Insurance'
- Both Types Of Diabetes Increase Dementia Risk
- Aldi Recalls Spinach Bites Over Possible Contamination
- Collegium ponies up $650M to gain ADHD drug Azstarys from Corium
- Maryland bill calls for more transparency in pharma's disease awareness campaigns
- After Alfasigma's GSK licensing deal, Lynavoy picks up FDA nod in rare liver disease
- What To Know About Fatty Liver Disease and Why It’s So Common
- Drug Smoking Linked To Surge In Severe Burn Cases
- Thymus Gland Health May Be Key to Long Life and Fighting Cancer
- Premature Menopause Increases Heart Disease Risk
- U.S. Teen Obesity Hits Record Highs While Efforts to Slim Down Drop
- Pesticide Exposure Before Pregnancy Might Risk Newborn Health
- UPDATED: AstraZeneca to build cell therapy manufacturing hub, R&D center in Shanghai
- Many ACA Customers Are Paying Higher Premiums. Most Blame Trump and Republicans, Poll Finds.
- Lawmakers Seek To Protect Crisis Pregnancy Centers as Abortion Clinic Numbers Shrink
- Oz Says California’s Not Fighting Health Care Fraud, but Data Shows It’s Part of a Larger Battle
- Watch: Affordability Plagues Health Care in Its Shift From Nonprofit to Profit Machine
- CDMO Axplora to pump $60M into Italian complex API plant
- Pfizer eyes earlier Talzenna use after phase 3 prostate cancer win
- Prodeon Medical FDA 510(k) approved for the Urocross Expander System, a Non-Permanent Retrievable Implant for Treating Benign Prostatic Hyperplasia
- Prodeon Medical FDA 510(k) approved for the Urocross Expander System, a Non-Permanent Retrievable Implant for Treating Benign Prostatic Hyperplasia
- JenaValve Gets FDA Nod for Trilogy Transcatheter Heart Valve (THV) to Treat Aortic Regurgitation (ssAR)
- JenaValve Gets FDA Nod for Trilogy Transcatheter Heart Valve (THV) to Treat Aortic Regurgitation (ssAR)
- Turquoise Health raises $40M to power healthcare contracts, payments
- To tackle healthcare costs, representatives weigh curbs on provider consolidation
- A look at Highmark's specialty pharmacy partnership with Free Market Health
- AD/PD 2026: New data highlight potential cost-effectiveness of confirmatory AD blood testing in U.S. diagnostic pathways
- With downgrade, HSBC casts doubt about Lilly's 'stairway to heaven' trajectory
- TrumpRx's 'world's lowest' drug price claims fall short in global comparison: NYT
- Study Finds Little Proof Cannabis Helps Most Mental Health Conditions
- Meningitis Outbreak Tied to Students Leaves 2 Dead and 11 Sick in England
- J&J, Protagonist's 'game-changer' once-daily psoriasis pill Icotyde nabs FDA approval
- Belly Fat Linked To Heart Failure Risk
- Women More Likely To Survive Cancer Than Men — At A Cost
- BMS brings 'Emily in Paris' star and cancer survivor Ashley Park aboard campaign honoring oncologists
- Sandoz expands biosim collab with Samsung Bioepis, sets sights on Takeda's Entyvio
- Ultra-Processed Foods Linked To Heart Attack, Stroke, Cardiac Arrest
- E. Coli Outbreak Tied To Raw Cheddar Cheese Sickens 7 People
- The Sunshine Vitamin and COVID: New Study Finds Mixed Results for Recovery
- Too Much Smartphone Use Linked to Disordered Eating in Teens
- Shingles Vaccine Protects Heart Failure Patients From Heart Attack, Stroke
- White House Chief of Staff Susie Wiles Diagnosed With Early Breast Cancer
- Gates-backed TerraPower Isotopes blueprints $450M plant to supply next wave of radiopharmaceuticals
- Regulation Crypto Assets: A Token Safe Harbor
- The Last Chapter in the Book of Howey
- Payers, hospitals pan CMS' plan to bring non-network plans to ACA exchanges
- Optum Real and Suki build out collaboration to tackle payment challenges as R1 teams with AI scribe Heidi
- Indiana homes in on life sciences with $1B growth strategy, plan to create 100K jobs
- Moody's: Insurers' 2026 outlook is negative as cost pressures continue to batter industry
- GSK's management of Flovent allowed it to 'game the system': Hassan
- Allina Health to join Sutter Health in $26B proposed transaction
- Norovirus Sickens Close to 200 People on Caribbean Cruise
More than one million Michiganders' data were were stolen in a cybersecurity breach at a Corewell Health contractor, Welltok, Inc. About 8 million Americans' records in total were exposed in this breach.
Welltok is an SaaS (software as a service) company which provides communication services for Corewell Health's southeastern Michigan operations and a portal for Priority Health, among many other healthcare companies across America.
Welltok data breach exposes data of 8.5 million US patients
By Bill Toulas - November 22, 2023Healthcare SaaS provider Welltok is warning that a data breach exposed the personal data of nearly 8.5 million patients in the U.S. after a file transfer program used by the company was hacked in a data theft attack.
Welltok works with health service providers across the U.S., maintaining online wellness programs, holding databases with personal patient data, generating predictive analytics, and supporting healthcare needs like medication adherence and pandemic response.
Earlier this year, the Clop ransomware gang exploited a zero-day vulnerability in the MOVEit software to breach thousands of organizations worldwide, following up with extortion demands and data leaks impacting over 77 million people.
Welltok published a notice of a data incident in late October, warning that its MOVEit Transfer server was breached on July 26, 2023. This occurred despite applying the security updates as soon as those were made available by the vendor.
Patient data was exposed during the breach, including full names, email addresses, physical addresses, and telephone numbers. For some, it also includes Social Security Numbers (SSNs), Medicare/Medicaid ID numbers, and certain Health Insurance information.
The impact of the breach impacted institutions in various states, including Minnesota, Alabama, Kansas, North Carolina, Michigan, Nebraska, Illinois, and Massachusetts, with the following healthcare providers said to be impacted:
- Blue Cross and Blue Shield of Minnesota and Blue Plus
- Blue Cross and Blue Shield of Alabama
- Blue Cross and Blue Shield of Kansas
- Blue Cross and Blue Shield of North Carolina
- Corewell Health
- Faith Regional Health Services
- Hospital & Medical Foundation of Paris, Inc. dba Horizon Health
- Mass General Brigham Health Plan
- Priority Health
- St. Bernards Healthcare
- Sutter Health
- Trane Technologies Company LLC and/or group health plans sponsored by Trane Technologies Company LLC or Trane U.S. Inc.
- The group health plans of Stanford Health Care, of Stanford Health Care, Lucile Packard Children’s Hospital Stanford, Stanford Health Care Tri-Valley, Stanford Medicine Partners, and Packard Children’s Health Alliance
- The Guthrie Clinic
Initial estimates about the number of impacted individuals varied as Welltok didn’t immediately disclose this information.
However, earlier today, the firm reported on the U.S. Department of Health and Human Services breach portal that the data breach has been confirmed to impact 8,493,379 people.
This figure places the Welltok breach as the second largest MOVEit data breach after services contractor Maximus, whose data breach affected 11 million people.
AG Dana Nessel is now involved:
Corewell Health Data Breach Exposes Info of One Million Michigan Patients
December 01, 2023
LANSING – A cybersecurity breach at Welltok, Inc., the software company contracted to provide communications services to Corewell Health’s southeastern Michigan properties, has reportedly affected more than one million Michigan residents, Attorney General Dana Nessel announced.The names, dates of birth, email addresses, phone numbers, medical diagnoses, health insurance information, and Social Security numbers for about one million Corewell Health patients were compromised in the breach. In addition, the names, addresses, and health insurance identification numbers of 2,500 users of the healthy lifestyle portal for Priority Health, an insurance plan owned by Corewell, were also compromised, according to a statement from the health system earlier this month. In total, the breach affected nearly 8.5 people nationally.
The attack, which occurred on May 30, exploited software vulnerabilities on the MOVEit Transfer server owned by Virgin Pulse, Welltok's parent company.
“Health information is some of the most personal information that we have,” said Nessel. “If there was ever data that required heightened cybersecurity measures, it is the information held by the healthcare sector. This kind of breach has occurred too often, and patients deserve to feel confident that their health data is protected in the most robust way possible. My office remains committed to helping Michigan residents keep their data private and secure.”
Welltok has confirmed that those affected include people who have received health care or insurance provided by the following companies:
- Asuris Northwest Health
- BridgeSpan Health
- Blue Cross and Blue Shield of Minnesota and Blue Plus
- Blue Cross and Blue Shield of Alabama
- Blue Cross and Blue Shield of Kansas
- Blue Cross and Blue Shield of North Carolina
- Faith Regional Health Services
- Hospital & Medical Foundation of Paris, Inc. dba Horizon Health
- Mass General Brigham Health Plan
- Regence BlueCross BlueShield of Oregon
- Regence BlueShield
- Regence BlueCross BlueShield of Utah
- Regence Blue Shield of Idaho
- St. Bernards Healthcare
- Sutter Health
- Trane Technologies Company LLC and/or group health plans sponsored by Trane Technologies Company LLC or Trane U.S. Inc.
- The group health plans of Stanford Health Care, of Stanford Health Care, Lucile Packard Children’s Hospital Stanford, Stanford Health Care Tri-Valley, Stanford Medicine Partners, and Packard Children’s Health Alliance
- The Guthrie Clinic
According to the HIPAA Journal, this cyberattack marks the fourth-largest healthcare data breach in the U.S. this year. The U.S. Department of Health and Human Services reported that data breaches among healthcare organizations more than doubled from 2019 to 2021. In 2022, at least 28.5 million healthcare records were breached nationwide.
Michigan, in particular, has experienced a surge in healthcare-related cyberattacks. In recent months, Attorney General Nessel notified Michigan residents about a ransomware attack affecting 2.5 million McLaren Health Care patients. Similarly, the University of Michigan faced a cyberattack in late August, leading to the compromise of personal information, including Social Security numbers, driver’s license or other government-issued ID numbers, and medical records.
If Welltok has a valid mailing address on file, the company is mailing a notice letter to individuals whose information was determined to be in the affected files. Anyone who does not receive a notice letter but would like to know if they are affected, or has other questions, may call the Welltok dedicated assistance line at 800-628-2141.
Although potentially impacted individuals should be receiving a notice letter from Welltok, state law does not currently require companies who experience a data breach to share that information with the Department of Attorney General. The Department often learns about these data breaches through media reports. The AG strongly recommends the legislature – similar to many other states – strengthen our law to require companies who experience a data breach to immediately inform the Department of Attorney General. This will allow the Attorney General to more quickly alert the public.
“Michigan simply must catch up to the states that require Attorney General notification of these significant breaches,” added Nessel. “To fulfill our duties of consumer protection and corporate oversight, the Department of Attorney General must be alerted to these breaches, when personal health and identifying information that is so often used to commit identity crimes, is compromised and made unsecure.”
The Department of Attorney General’s Data Breaches: What to do Next alert provides consumers with useful information about what kind of information can be accessed during a data breach.
To file a complaint with the Attorney General, or get additional information, contact:
Consumer Protection Team:
P.O. Box 30213
Lansing, MI 48909
517-335-7599
Fax: 517-241-3771
Toll-free: 877-765-8388
Online complaint formYour connection to consumer protection is just a click or phone call away. The Department provides a library of resources for consumers to review anytime on a variety of topics.
Typo alert for the AG's office.
In total, the breach affected nearly 8.5 people nationally.
Data for over 1 million Michiganders, Corewell Health patients compromised after massive Welltok cyber attack
By Cassandra Llamas Fossen, 2 days ago
(WWJ) - Roughly 1 million Michiganders were impacted after a cyber security breach was discovered at Welltok Inc., a healthcare software-as-a-service company contracted by Corewell Health.
Welltok recently notified over 8 million Americans on behalf of 20 healthcare providers and plans, including Corewell Health, of the data breach stemming from the May 2023 MOVEit hack, stating an unauthorized individual was able to view and exfiltrate sensitive information.
Priority Health -- a Corewell-owned insurance plan -- was also impacted, with data for 2,500 Priority members exposed.
The cyber attack is one of the largest breaches reported to the U.S. Department of Health and Human Services (HHS) so far this year.
According to Welltok, the hackers were able to take advantage of a vulnerability in Progress Software’s MOVEit Transfer server. The company said it immediately patched the vulnerability when it was found on May 31 and made any necessary security upgrades.
While Welltock conducted an examination into the incident, it wasn't until Aug. 11 when a third-party company hired to reconstruct its systems and historical data discovered the breach.
A letter was sent out earlier in November to the 8,493,379 people affected by the massive breach.
“We take this event and the security of personal information in our care very seriously. Upon learning of this event, we moved quickly to investigate and respond to the event and notify potentially affected individuals,” Welltok stated.
Names, addresses, email addresses, and phone numbers, including a small amount of Social Security numbers, health insurance information, and Medicare/Medicaid ID numbers were all reported to have been impacted.
“As part of our ongoing commitment to the security of information, we are reviewing and enhancing our existing policies and procedures related to data privacy to reduce the likelihood of a similar future event," Welltok said.
"While we have no evidence that any of your information has been misused, we are notifying you and providing information and resources to help protect your personal information," Welltok said in a statement.
Welltok opened a dedicated assistance line at 800-628-2141 to help patients who may have questions about the incident.
The company recommended credit monitoring for those affected by the breach.
Get MHF Insights
News and tips for your healthcare freedom.
We never spam you. One-step unsubscribe.
Sponsors
Friends of MHF
Kirsten DeVries
Tom & Karen Nunheimer
Steve Ahonen
Ron & Faith Bosserman
Marlin & Kathy Klumpp
Sign Up for MHF Insights to keep up on the latest in Michigan Health Policy
