- Aspen Dental targets fast-growing Georgia city for new practice
- Michael Dowling: Now is not the time to abandon gun safety efforts
- A new wording test on ‘Medicare for All’
- UCI Health started as 1 hospital. 50 years and 6 hospitals later, CEO charts its future
- Virtua Health names president of 2 New Jersey hospitals
- Colorado wildfires send dozens to UCHealth hospitals
- Northwell appoints chair of surgery
- How 5 health systems are avoiding a repeat of the 2023 chemo shortage
- Nashville General taps CEO
- NewYork-Presbyterian rolls out OpenEvidence AI across its network
- Oswego Health expands surgery, orthopedic services New York
- Vanderbilt professor elected 40th president of bariatric group
- The ASC tax squeeze is gaining momentum
- The private equity race regulators haven’t caught up to
- Weill Cornell taps new chair of surgery, surgeon-in-chief
- The state-by-state battle over anesthesia time caps
- What happens to ASC contracts when a payer gets absorbed
- What will make or break the future of DSO success
- Dentistry reaches inflection point with AI
- Former UPMC cardiologist drops lawsuit over CEO’s device company ties
- Dental assistant pay vs. cost of living by state
- South Carolina cites behavioral health facility over missing correction plan
- Former Mayo Clinic research director sues system over alleged retaliation for raising AI practice concerns
- Senators urge Defense Department to expand autism therapy coverage under Tricare
- GI consolidation’s new era: 5 deals to know
- The GI procedure cuts in CMS’ pay proposal: 5 things to know
- ‘The economics just don’t work’: CMS’ ACCESS model draws scrutiny
- Washington restricts spit hood use in state psychiatric facilities
- Memorial Hermann Health Plan winds down commercial coverage
- Remarks at the Society for Corporate Governance Conference
- Maryland health system receives $10M gift to construct ASC
- 1-800-Dentist faces class-action lawsuit over data breach
- Staten Island hospital debuts mobile behavioral health program for youth
- CVS' Omnicare unit agrees to $440M settlement with DOJ in ongoing fraud case
- GLP-1 Use Hits Record High As Medicare Opens Access To Weight-Loss Drugs
- Founder of telehealth startup Done sentenced to six years in prison for Adderall fraud scheme
- HHS calls on hospitals to sign 'Make Hospital Food Healthier Pledge'
- Foundation Fights Medical Errors That Claim 200,000 U.S. Lives A Year
- Former exec alleges Alignment Healthcare leaders juiced profits to boost bonuses
- In compensation push, HHS gears up to draft COVID vaccine injury table
- AZ, Ionis shares tumble on ATTR-CM trial flop, but analyst flags over-reaction
- Frazier Healthcare Partners to acquire MatrixCare in $490M deal
- New, Highly Accurate Brush Test Can Detect Mouth Cancer Within An Hour
- Innovative Hip Replacement Cuts Post-Surgery Risk Of Dislocation By 70%
- Global Study Finds Kids Worldwide Skipping Fruits And Vegetables
- Ipsen’s Botox rival Dysport charts new horizons with dual phase 3 wins in migraine
- Affordable Care Act Insurers Want More Premium Increases As Enrollment Sags
- My Search for a Psychiatric Bed in an Overburdened Health System
- Dr. Reddy's presses pause on generic semaglutide supply after flagging API issue
- OpenEvidence launches medical AI copilot feature that grades medical evidence and unveils NewYork-Presbyterian collaboration
- Novo Nordisk asks public to ‘Meet Me in the Middle’ in new obesity experience installation
- BioNTech plots right-sized HER2 ADC launch to ‘build the muscle’ for BMS-partnered bispecific
- Telehealth ex-CEO sentenced in Adderall fraud case: 5 things to know
- Oklahoma awards 4 behavioral health clinic contracts
- The key to patient trust in dentistry
- Good news, bad news for the dental workforce
- 7 behavioral health layoffs to know | 2026
- 200+ dentists making headlines halfway through 2026
- How students are paying for dental school
- Health tech startup Forus inks partnership with GI medical society to improve medication access
- U of Kentucky dental dean receives top educator award
- UnitedHealthcare unveils Lifestyle Spending Accounts for employer plans
- FDA hits Lundbeck with untitled letter over efficacy claims on migraine drug Vyepti
- Sanofi floats flu shot marketing pledges to pacify EU antitrust probe
- 36 behavioral health executive moves to know
- Delaware establishes statewide opioid treatment guidance for EDs
- Tampa General Hospital sues Eli Lilly over pulled 340B discounts
- Viz.ai expands neurodegenerative disease care in new partnership with Cortechs.ai
- E. Coli Outbreak Prompts Recall Of Frozen Blueberries At Publix
- Drinking Coffee May Lower Your Risk of Liver Disease
- FDA halts release of new drug rejection letters while working to formalize policy
- Mass General Brigham nurses, home care clinicians launch largest healthcare strike in state history
- ACA plans set for another year of premium spikes, preliminary filings show
- AI wearables company Vilo launches Signal OS ahead of upcoming smart ring launch
- CureDuchenne lights the candles with DMD public service campaign highlighting birthdays
- Zimmer Biomet to Hire 500 in India as New Bengaluru Technology Centre Drives AI and MedTech Innovation
- Foreign drugmaker caught faking doctors’ petition to evade China’s price cut scheme
- AdaptHealth Investigates Data Breach After Social Engineering Attack, Possible Link to ShinyHunters Emerges
- Keenova gets on the good foot with Xiaflex trial win in rare tissue growth condition
- Evonik plugs $100M into Indiana drug substance plant as US CDMO demand mounts
- Rumination Plays Key Role In Caregiver Stress, Study Says
- U.S. Teens Underestimate Risks Of Fentanyl Use, Survey Finds
- Men More Likely To Be Diagnosed With Advanced Cancer
- Primary care’s AI moment
- Copay Assistance Is Meant To Defray Patient Drug Costs. Some Insurers Keep It Instead.
- Training Program Could Ward Off Injuries Among Soccer Girls
- Affordable Care Act Insurers Want More Premium Increases as Enrollment Sags
- Patients Face a Thicket of Red Tape Trying To Maintain Consistent Health Coverage
- Leo Cancer Care secures $65M to advance upright radiotherapy system as company preps for IPO
- Catalent sells UK facility to Codis, expands Nanoscope partnership
- Allergan Aesthetics helps map paths for young women in STEM with Girls Inc. event
- Nonprofit-private equity joint ventures worth scrutiny, PESP report says
- American Heart Association joins social network Roon for medical research collaboration
- Independent pharmacies hit Prime Therapeutics with antitrust suit over alleged price fixing
- Thousands of Medicare Beneficiaries Thought Their Drug Plan Was Free. Then They Lost It.
- Michigan, Other States See Unusual Spike In Parasite That Causes 'Explosive' Diarrhea
- Statement on the 2026 Regulatory Agenda
- GLP-1 'Secret Shopper' Study Finds Gaps in Online Prescribing
- Applying Agentic AI to Healthcare Delivery: The Key to True Transformation
- From Compliance to Clinical Action: Fixing the Broken Loop in Post-Market Surveillance
- Novartis dismisses 322 more staffers based out of US headquarters
- Bristol lays out KRAS med Krazati's stumble in confirmatory colorectal cancer trial
- Fatty Liver Boosts Odds Of More Deadly Colon Cancer, Study Says
- Weight Loss Surgery Increases Risk Of Alcoholism, Study Says
- IV Vitamin C Might Boost Recuperation Among Trauma Patients
- These Church Members Disagree On Politics. Together They're Wiping Out Medical Debt.
- Exercise Can Ward Off Nicotine Fits, Help Smokers Quit
- Copay Assistance Is Meant To Defray Patient Drug Costs. Some Insurers Keep It Instead.
- Thousands of Medicare Beneficiaries Thought Their Drug Plan Was Free. Then They Lost It.
- On heels of Bain buyout, Tanabe inks deal to sell manufacturing unit and 17 drugs to Towa
- FDA approves Vera’s dual-target Trutakna, setting up IgAN market battle with Novartis, Otsuka
- Vertex, in its largest-ever deal, acquires endocrine disease specialist Crinetics for $10B
- Real Chemistry snaps up Spurwing Communications, launches new Asia Pacific hub
- Skin quality driving widespread quality-of-life issues: survey
- AI care partner Heidi puts a spin on pharma ad tropes in new campaign to relieve 'side effects'
- Nonprofit hospitals are embracing high-risk, high-reward investment portfolios. Is that a problem?
- New California Law Replaces 'Sell By' Labels On Food Packaging
- Study Raises New Questions About Artificial Sweeteners
- Teladoc Health inks multi-year virtual care deal with National Basketball Players Association
- FDA deepens Vertex's Casgevy label, opening treatment for patients as young as 2
- Calling Low-Risk Prostate Cancer Something Else Might Save More Lives, Researchers Argue
- Taking Small Breaks From Sitting Around Can Lower Your Cancer Risk
- Learning Languages Could Net You A Younger Brain, Study Says
- New Disease Threats Follow Trump Administration's Health Program Cuts
- New Medicaid Work Rule Means More Opportunities To Lose Coverage
- In California Governor’s Race, Voters Face Stark Choice on Immigrant Healthcare
- Epic plans to expand 4 executives' roles as President Sumit Rana exits the company
- Journalists Discuss Healthcare Costs’ Political Fallout, Concerns About Canceled ICE Facility
- FDA Lets 20 ZYN Nicotine Pouches Claim Lower Risk Than Cigarettes; Critics Warn Of Danger
- Ultra-Processed Foods Linked To Brain Differences In Young Children
- Prompt Responses From Mom Might Lower A Baby's Risk Of Childhood Mental Health Problems
- Rehab Program Helps Lift Long COVID 'Brain Fog'
- Why Are You Right- Or Left-Handed? Experiments Suggest Surprisingly Simple Explanation
- Rural Americans More Likely To View Cancer As A Death Sentence, Poll Finds
- He Dreamed Of Becoming A Physician Assistant. New Loan Rules May Thwart Him.
- HealthQ Special: Caregiving in the Sandwich Generation
- A Mom Said Infant Formula Killed Her Baby. The Manufacturer Closed the File.
- FDA Scientists Warn Against Expanded Peptide Access As Kennedy Reshapes Advisory Panel
- Regulatory tracker: AbbVie, Genmab's blood cancer bispecific expands label in EU
- Can A Popular Muscle Supplement Help Treat Depression?
- Melatonin Shows Promise As Safe, Cheap Painkiller, Review Concludes
- Heat Dome Coming: Tips To Stay Safe During Extreme Temps
- Diets That Lower Inflammation Might Cut Dementia Risk, Study Indicates
- Vitamins Might Be Key To Asthma Control In Children, Adults
- Remarks at the Economic Club of New York
- Is Your Organization Ready to Govern AI in Regulatory Affairs?
- CMS Proposes TAVR Medicare Coverage is Potential Boost for Edwards Lifesciences
- Remarks to the US-CEE Connection: Transatlantic Challenges in Law, Business & Policy
- Statement Regarding Minimum Pricing Increments and Access Fee Caps
- Statement at the SEC Open Meeting on the Trade-Through Rule and Locked and Crossed Markets Provisions of Regulation NMS
Michigan healthcare freedom community forum
More than one million Michiganders' data were were stolen in a cybersecurity breach at a Corewell Health contractor, Welltok, Inc. About 8 million Americans' records in total were exposed in this breach.
Welltok is an SaaS (software as a service) company which provides communication services for Corewell Health's southeastern Michigan operations and a portal for Priority Health, among many other healthcare companies across America.
Welltok data breach exposes data of 8.5 million US patients
By Bill Toulas - November 22, 2023Healthcare SaaS provider Welltok is warning that a data breach exposed the personal data of nearly 8.5 million patients in the U.S. after a file transfer program used by the company was hacked in a data theft attack.
Welltok works with health service providers across the U.S., maintaining online wellness programs, holding databases with personal patient data, generating predictive analytics, and supporting healthcare needs like medication adherence and pandemic response.
Earlier this year, the Clop ransomware gang exploited a zero-day vulnerability in the MOVEit software to breach thousands of organizations worldwide, following up with extortion demands and data leaks impacting over 77 million people.
Welltok published a notice of a data incident in late October, warning that its MOVEit Transfer server was breached on July 26, 2023. This occurred despite applying the security updates as soon as those were made available by the vendor.
Patient data was exposed during the breach, including full names, email addresses, physical addresses, and telephone numbers. For some, it also includes Social Security Numbers (SSNs), Medicare/Medicaid ID numbers, and certain Health Insurance information.
The impact of the breach impacted institutions in various states, including Minnesota, Alabama, Kansas, North Carolina, Michigan, Nebraska, Illinois, and Massachusetts, with the following healthcare providers said to be impacted:
- Blue Cross and Blue Shield of Minnesota and Blue Plus
- Blue Cross and Blue Shield of Alabama
- Blue Cross and Blue Shield of Kansas
- Blue Cross and Blue Shield of North Carolina
- Corewell Health
- Faith Regional Health Services
- Hospital & Medical Foundation of Paris, Inc. dba Horizon Health
- Mass General Brigham Health Plan
- Priority Health
- St. Bernards Healthcare
- Sutter Health
- Trane Technologies Company LLC and/or group health plans sponsored by Trane Technologies Company LLC or Trane U.S. Inc.
- The group health plans of Stanford Health Care, of Stanford Health Care, Lucile Packard Children’s Hospital Stanford, Stanford Health Care Tri-Valley, Stanford Medicine Partners, and Packard Children’s Health Alliance
- The Guthrie Clinic
Initial estimates about the number of impacted individuals varied as Welltok didn’t immediately disclose this information.
However, earlier today, the firm reported on the U.S. Department of Health and Human Services breach portal that the data breach has been confirmed to impact 8,493,379 people.
This figure places the Welltok breach as the second largest MOVEit data breach after services contractor Maximus, whose data breach affected 11 million people.
AG Dana Nessel is now involved:
Corewell Health Data Breach Exposes Info of One Million Michigan Patients
December 01, 2023
LANSING – A cybersecurity breach at Welltok, Inc., the software company contracted to provide communications services to Corewell Health’s southeastern Michigan properties, has reportedly affected more than one million Michigan residents, Attorney General Dana Nessel announced.The names, dates of birth, email addresses, phone numbers, medical diagnoses, health insurance information, and Social Security numbers for about one million Corewell Health patients were compromised in the breach. In addition, the names, addresses, and health insurance identification numbers of 2,500 users of the healthy lifestyle portal for Priority Health, an insurance plan owned by Corewell, were also compromised, according to a statement from the health system earlier this month. In total, the breach affected nearly 8.5 people nationally.
The attack, which occurred on May 30, exploited software vulnerabilities on the MOVEit Transfer server owned by Virgin Pulse, Welltok's parent company.
“Health information is some of the most personal information that we have,” said Nessel. “If there was ever data that required heightened cybersecurity measures, it is the information held by the healthcare sector. This kind of breach has occurred too often, and patients deserve to feel confident that their health data is protected in the most robust way possible. My office remains committed to helping Michigan residents keep their data private and secure.”
Welltok has confirmed that those affected include people who have received health care or insurance provided by the following companies:
- Asuris Northwest Health
- BridgeSpan Health
- Blue Cross and Blue Shield of Minnesota and Blue Plus
- Blue Cross and Blue Shield of Alabama
- Blue Cross and Blue Shield of Kansas
- Blue Cross and Blue Shield of North Carolina
- Faith Regional Health Services
- Hospital & Medical Foundation of Paris, Inc. dba Horizon Health
- Mass General Brigham Health Plan
- Regence BlueCross BlueShield of Oregon
- Regence BlueShield
- Regence BlueCross BlueShield of Utah
- Regence Blue Shield of Idaho
- St. Bernards Healthcare
- Sutter Health
- Trane Technologies Company LLC and/or group health plans sponsored by Trane Technologies Company LLC or Trane U.S. Inc.
- The group health plans of Stanford Health Care, of Stanford Health Care, Lucile Packard Children’s Hospital Stanford, Stanford Health Care Tri-Valley, Stanford Medicine Partners, and Packard Children’s Health Alliance
- The Guthrie Clinic
According to the HIPAA Journal, this cyberattack marks the fourth-largest healthcare data breach in the U.S. this year. The U.S. Department of Health and Human Services reported that data breaches among healthcare organizations more than doubled from 2019 to 2021. In 2022, at least 28.5 million healthcare records were breached nationwide.
Michigan, in particular, has experienced a surge in healthcare-related cyberattacks. In recent months, Attorney General Nessel notified Michigan residents about a ransomware attack affecting 2.5 million McLaren Health Care patients. Similarly, the University of Michigan faced a cyberattack in late August, leading to the compromise of personal information, including Social Security numbers, driver’s license or other government-issued ID numbers, and medical records.
If Welltok has a valid mailing address on file, the company is mailing a notice letter to individuals whose information was determined to be in the affected files. Anyone who does not receive a notice letter but would like to know if they are affected, or has other questions, may call the Welltok dedicated assistance line at 800-628-2141.
Although potentially impacted individuals should be receiving a notice letter from Welltok, state law does not currently require companies who experience a data breach to share that information with the Department of Attorney General. The Department often learns about these data breaches through media reports. The AG strongly recommends the legislature – similar to many other states – strengthen our law to require companies who experience a data breach to immediately inform the Department of Attorney General. This will allow the Attorney General to more quickly alert the public.
“Michigan simply must catch up to the states that require Attorney General notification of these significant breaches,” added Nessel. “To fulfill our duties of consumer protection and corporate oversight, the Department of Attorney General must be alerted to these breaches, when personal health and identifying information that is so often used to commit identity crimes, is compromised and made unsecure.”
The Department of Attorney General’s Data Breaches: What to do Next alert provides consumers with useful information about what kind of information can be accessed during a data breach.
To file a complaint with the Attorney General, or get additional information, contact:
Consumer Protection Team:
P.O. Box 30213
Lansing, MI 48909
517-335-7599
Fax: 517-241-3771
Toll-free: 877-765-8388
Online complaint formYour connection to consumer protection is just a click or phone call away. The Department provides a library of resources for consumers to review anytime on a variety of topics.
Typo alert for the AG's office.
In total, the breach affected nearly 8.5 people nationally.
Data for over 1 million Michiganders, Corewell Health patients compromised after massive Welltok cyber attack
By Cassandra Llamas Fossen, 2 days ago
(WWJ) - Roughly 1 million Michiganders were impacted after a cyber security breach was discovered at Welltok Inc., a healthcare software-as-a-service company contracted by Corewell Health.
Welltok recently notified over 8 million Americans on behalf of 20 healthcare providers and plans, including Corewell Health, of the data breach stemming from the May 2023 MOVEit hack, stating an unauthorized individual was able to view and exfiltrate sensitive information.
Priority Health -- a Corewell-owned insurance plan -- was also impacted, with data for 2,500 Priority members exposed.
The cyber attack is one of the largest breaches reported to the U.S. Department of Health and Human Services (HHS) so far this year.
According to Welltok, the hackers were able to take advantage of a vulnerability in Progress Software’s MOVEit Transfer server. The company said it immediately patched the vulnerability when it was found on May 31 and made any necessary security upgrades.
While Welltock conducted an examination into the incident, it wasn't until Aug. 11 when a third-party company hired to reconstruct its systems and historical data discovered the breach.
A letter was sent out earlier in November to the 8,493,379 people affected by the massive breach.
“We take this event and the security of personal information in our care very seriously. Upon learning of this event, we moved quickly to investigate and respond to the event and notify potentially affected individuals,” Welltok stated.
Names, addresses, email addresses, and phone numbers, including a small amount of Social Security numbers, health insurance information, and Medicare/Medicaid ID numbers were all reported to have been impacted.
“As part of our ongoing commitment to the security of information, we are reviewing and enhancing our existing policies and procedures related to data privacy to reduce the likelihood of a similar future event," Welltok said.
"While we have no evidence that any of your information has been misused, we are notifying you and providing information and resources to help protect your personal information," Welltok said in a statement.
Welltok opened a dedicated assistance line at 800-628-2141 to help patients who may have questions about the incident.
The company recommended credit monitoring for those affected by the breach.
Get MHF Insights
News and tips for your healthcare freedom.
We never spam you. One-step unsubscribe.
























