- Journalists Highlight Medical Neglect in ICE Detention, RFK Jr. Antidepressant Comments
- 18 new behavioral health study findings to know
- How 5 systems are embedding behavioral health into clinical care
- ‘Who watches the watchmen?’ CMS tightens oversight of accrediting bodies — 8 things to know
- 8 hospital projects worth $1B+ in 2026
- UnitedHealth, FTC near insulin rebates settlement
- The hidden disparity built into healthcare interoperability
- Christus consolidates inpatient services at Texas hospital
- Health AI regulation gaps span scribes, prior authorization: 5 notes
- Is cardiac catheterization the new cataract surgery?
- CMS floats permanent status for Medicare drug price negotiations: 5 things to know
- 13 cybersecurity updates for ASC leaders to know
- The safety issue hiding in ASC staffing
- Elevance sues former chief execution officer over noncompete agreement
- 15% of pregnant women report current alcohol use: CDC
- 15% of pregnant women report current alcohol use: CDC
- California healthcare district board member resigns to apply for CEO role
- Vermont regulators greenlight new ASC
- What surgeons don’t understand about anesthesia
- National Real Estate Advisors acquires Montana medical campus with ASC, MOB
- 5 ASC, ambulatory leaders from the biggest health systems
- Ohio dentist to retire after 34 years, close practice
- Good news, bad news for DSOs
- California Health Worker Union, Hospital Association Tout Dueling Ballot Initiatives
- Nearly 13,000 dental professionals needed to fill shortage areas: HRSA
- The states with the widest anesthesiologist salary spreads
- Optum Rx, FTC posed for settlement in insulin pricing case
- 7 new behavioral health projects representing nearly $1B in investment
- How the fastest-growing DSO is expanding its network
- Program closures, practice openings & more: 5 oral surgery updates 30 days
- CMS proposes permanent framework for Medicare drug price negotiations
- CMS proposes permanent framework for Medicare drug price negotiations
- Dental hygienist pay up 21% since 2021
- ‘Making a bad situation worse’: 15% of psych beds lost in 4 California counties after staffing rule
- How dentist pay has evolved over the last 5 years
- Nearly 30% of Massachusetts residents filled behavioral health prescriptions
- Rhode Island Senate advances bill creating licensure pathway for foreign-trained dentists, hygienists
- The 10 states where physician assistant pay jumped the most
- Anesthesia stipends by the numbers
- SAMHSA unveils $40M behavioral health grant funding: 5 things to know
- Best, worst states for child well-being
- 5 dental school updates to know
- 7 DSOs making headlines
- Influencers, Booze And Teens: What's Showing Up In Their Feeds?
- Health 'War Room,' Digital Tools Are Tracking Disease Risks During World Cup
- Mercer survey: Employers eye cost-shifting strategies as health benefit spend rises
- Nvidia, Abridge collaborate to develop healthcare-specific AI model
- EHA: J&J sharpens myeloma edge as Talvey, Darzalex Faspro combo proves its worth in earlier disease stage
- Industry Voices—Why health systems need physicians engaged in IT leadership
- FDA hearing on Amgen's Tavneos will include findings from an independent review
- In latest twist in Zepzelca saga, Jazz and PharmaMar lung cancer drug fails phase 3 test
- Food Labels and Restrictions Can Lower Childhood Obesity Rates, Study Finds
- Tourette Patients Face High Suicide Risk, Pain And Discrimination
- Have A Risk-Taking Teen? This Brain Chemical Might Be Responsible, Researchers Say
- Sepsis, Lung Infection Patients See No Benefit From Remote Monitoring
- Overlooked Social Connections Can Prevent Suicide
- Final Rules for Medicaid Work Requirements Are Out. Here’s What You Need To Know.
- 1 in 4 Covered California Enrollees Could Get State Aid Under Newsom Proposal
- Lilly, Biogen, Eisai and Genentech sponsor new ‘Let’s Talk Alzheimer’s’ podcast
- Fierce Pharma Asia—Astellas CEO’s 5-year plan; Takeda’s psoriasis win; RA’s China bridge program
- Why this behavioral health provider just bought a pharmacy
- Statement Regarding Minimum Pricing Increments and Access Fee Caps
- North Carolina awards $10M to expand rural behavioral healthcare access
- Healthcare costs poised to jump 9% in 2027 as health plans blame AI adoption, drug prices
- Provider groups file lawsuit against HHS over anti-trans Ryan White funding rules
- Genentech executes another round of layoffs, with 3 VPs axed
- Humana to sell off minority stake in end-of-life care provider Gentiva
- Vitamin C May Be Key To A Healthier Brain As You Age
- New Vaccine Schedule Released By American College of Obstetricians & Gynecologists
- AI use is surging across HHS, jumping 148% at the FDA in 2025, Bipartisan Policy Center data finds
- AI use is surging across HHS, jumping 148% at the FDA in 2025, Bipartisan Policy Center data finds
- Statement at the SEC Open Meeting on the Trade-Through Rule and Locked and Crossed Markets Provisions of Regulation NMS
- Disorder Protection Rule: Statement on the Proposed Amendments to Rule 611 and Other Provisions of Regulation NMS
- Statement on the Proposed Amendments to Regulation NMS
- Novo reports data breach, tells clinical trial patients to 'remain vigilant'
- ‘Not simply saving cost’: Inside Astellas CEO’s 5-year strategy to counter Xtandi’s patent cliff
- OIG: Frequent MA prior authorization denials for long-term care hospitals, inpatient rehab
- From Medicaid work requirement exemptions to AI safeguards in coverage: New AMA policies from annual meeting
- Joint initiative of 5 EU countries calls for 'unified approach' to pharma framework amid US drug pricing pressure
- J&J eyes rare disease expansion for blockbuster-to-be Imaavy with trial win
- Virtual care tech companies launch 'out-of-the-box' RPM tool for pharmacies
- Can Fasting Treat Gum Disease? Study Finds Reduced Inflammation
- Living With Cats Not Linked To Worse Asthma in Children
- Few Stroke, Brain Injury Survivors Get Top-Quality Hospital Rehab
- Popular Joint Pain Supplement, Glucosamine, Might Increase Alzheimer's Risk, Study Says
- Anguished Parents. Doctors In Tears. Utah's Long Measles Outbreak Takes A Toll.
- Madrigal takes giant inflatable liver on US tour in disease awareness push
- Listen to the Latest ‘KFF Health News Minute’
- Trump Bought Tobacco Stocks and Raked In Industry Donations as FDA Eased Standards
- Olixir NY teams with Crohn's & Colitis Foundation for ‘Spill Your Guts’ campaign
- Takeda’s TYK2 inhibitor beats Bristol Myers’ Sotyktu in phase 3 psoriasis showdown
- Hospital associations push CMS for higher 2027 pay bump, softer ramp-up for mandatory model
- AHIP 2026: Why Ascendiun CEO Paul Markovich is bullish on building out a digital health record for patients
- FDA’s Greenlight of Old Chemical Offers Chance To Restore Faith in Sunscreen
- Abridge picks up strategic investment from Eli Lilly, expands payer, research workflows
- Weekly Rundown: Karias Health launches AI companion; Mount Sinai, Wisp partner to expand PrEP access in NY
- Sugary Beverages May Raise Your Risk of Liver Cancer
- This Old House: Improving and Remodeling Our Registered Offering and Filer Status Regimes
- Ardent Health's surprise CEO change reflected need for margin focus amid headwinds, CFO says
- FDA Approves First New Sunscreen Ingredient, Bemotrizinol, in Two Decades
- Trustees expect Medicare Trust Fund's reserves to run out in 2033
- Healthcare AI Works Better with Clear Roles and Honest Limits
- Eli Lilly yells ‘action’ on authentic patient portrayals at Tribeca Festival
- Teen Recovering From Concussion? A 'Sweet Spot' For Screen Time Could Speed Up Their Recovery
- AMA issues policy urging exemptions in upcoming Medicaid work requirements
- Pfizer CEO Bourla reconsiders German investments as industry takes aim at healthcare reform plan: Reuters
- Big Pharma-backed SonoThera sounds off with $125M series B for bubble-based genetic delivery
- Teva to lay off 250 at API unit as search for new owner drags on: report
- Women Hit Harder By Sleep Apnea Than Men, Study Finds
- Retro Video Game Aids Stroke Recovery, Improves Arm Function
- Experimental, Once-Daily GLP-1 Pill, Elecoglipron, May Offer New Option for Weight Loss, Diabetes
- Anguished Parents. Doctors in Tears. Utah’s Long Measles Outbreak Takes a Toll.
- Looming Medicaid Cuts Supercharge California’s Latest Labor-Industry Fight
- Genentech and Novartis dish up food allergy microdrama series
- ‘I’m a lot more optimistic today’: Mike Doustdar tells Fierce about pivotal first year as Novo Nordisk CEO
- Peirce Out: Remarks at the U.S. Chamber of Commerce Capital Markets Summit
- How Much Alcohol Is Actually Safe? A New Study Challenges Old Advice
- AbbVie’s Skyrizi narrowly slides ahead of J&J’s Tremfya in May drug ad spending rankings
- Air Pollution Might Contribute To Clogged Arteries, Heart Disease Risk
- New Study Suggests No Major Adverse Outcomes With Early GLP-1 Exposure During Pregnancy
- Feeding Babies Eggs Sooner May Cut Allergy Risk, Study Suggests
- At A Tennessee Hospital, Nurse Stole Fentanyl And AI Missed It, State Records Say
- Infections A ‘Major Health Hazard’ For People With Diabetes, Large Study Warns
- MAHA's Treatments For Autism: Camel's Milk, Stem Cell Injections — And Spelling Therapy
- Trivia Nights, Valentine’s Cards: Overlooked Social Connections Can Prevent Suicide
- AI medical advice changes care decisions of most users: survey
- FDA Expands Sunscreen Options for the First Time in 20 Years
- Children's Well-Being Plummets Across 29 States, Report Finds
- Just 5 Minutes Of Prayer Helps Reduce Pain and Anxiety, Study Finds
- Medtronic Advances Hugo Robotic Surgery Platform with Key FDA Filings and Product Approvals
- Medtronic Posts Strongest Revenue Growth in a Decade, Driven by Cardiovascular and Surgical Businesses
- Boston Scientific Plans Indiana Distribution Center, 300 New Jobs
- Irregular Sleep Risks Preschool Kids' Brain Power
- Why Alcohol Makes You Crave Salty Snacks — And How Protein-Rich Foods Can Help Prevent Weight Gain
- ADHD ‘Masking’ May Help People Blend In But Harms Mental Health
- Getting The RSV Shot, Abrysvo, While Pregnant Could Protect Your Baby After Birth
- Upcoming Billing Change Could Make Pregnancy Pricier
- Dengue Is No Longer Just A Travel Risk — What Google’s Mosquito Plan Could Mean For Your Summer
- Brain Surgery For Pituitary Tumor Helps Illinois Mom Have Second Baby
- Popular Blood Pressure Meds, Dihydropyridine Calcium-Channel Blockers, Linked To Kidney Damage Risk In Type 2 Diabetes
- Too Much Sitting In Pregnancy Doubles Risk Of Complications
- Spinal Cord Stimulation May Restore Arm Strength After Stroke
- “Harmonization: We’ll Have Lots to Talk About”
- Remarks at the Investor Advisory Committee Meeting
- A Quarter for Your Thoughts: Remarks at the Meeting of the SEC Investor Advisory Committee
- Remarks at the Investor Advisory Committee Meeting
- Base Case: Remarks at the IC3 Blockchain Camp
- Commission Statement on the Passing of Former General Counsel David Becker
- MedTech In Focus: AI impact in healthcare
- If Your AI Can’t Explain Itself, Can FDA Authorize It?
Michigan healthcare freedom community forum
More than one million Michiganders' data were were stolen in a cybersecurity breach at a Corewell Health contractor, Welltok, Inc. About 8 million Americans' records in total were exposed in this breach.
Welltok is an SaaS (software as a service) company which provides communication services for Corewell Health's southeastern Michigan operations and a portal for Priority Health, among many other healthcare companies across America.
Welltok data breach exposes data of 8.5 million US patients
By Bill Toulas - November 22, 2023Healthcare SaaS provider Welltok is warning that a data breach exposed the personal data of nearly 8.5 million patients in the U.S. after a file transfer program used by the company was hacked in a data theft attack.
Welltok works with health service providers across the U.S., maintaining online wellness programs, holding databases with personal patient data, generating predictive analytics, and supporting healthcare needs like medication adherence and pandemic response.
Earlier this year, the Clop ransomware gang exploited a zero-day vulnerability in the MOVEit software to breach thousands of organizations worldwide, following up with extortion demands and data leaks impacting over 77 million people.
Welltok published a notice of a data incident in late October, warning that its MOVEit Transfer server was breached on July 26, 2023. This occurred despite applying the security updates as soon as those were made available by the vendor.
Patient data was exposed during the breach, including full names, email addresses, physical addresses, and telephone numbers. For some, it also includes Social Security Numbers (SSNs), Medicare/Medicaid ID numbers, and certain Health Insurance information.
The impact of the breach impacted institutions in various states, including Minnesota, Alabama, Kansas, North Carolina, Michigan, Nebraska, Illinois, and Massachusetts, with the following healthcare providers said to be impacted:
- Blue Cross and Blue Shield of Minnesota and Blue Plus
- Blue Cross and Blue Shield of Alabama
- Blue Cross and Blue Shield of Kansas
- Blue Cross and Blue Shield of North Carolina
- Corewell Health
- Faith Regional Health Services
- Hospital & Medical Foundation of Paris, Inc. dba Horizon Health
- Mass General Brigham Health Plan
- Priority Health
- St. Bernards Healthcare
- Sutter Health
- Trane Technologies Company LLC and/or group health plans sponsored by Trane Technologies Company LLC or Trane U.S. Inc.
- The group health plans of Stanford Health Care, of Stanford Health Care, Lucile Packard Children’s Hospital Stanford, Stanford Health Care Tri-Valley, Stanford Medicine Partners, and Packard Children’s Health Alliance
- The Guthrie Clinic
Initial estimates about the number of impacted individuals varied as Welltok didn’t immediately disclose this information.
However, earlier today, the firm reported on the U.S. Department of Health and Human Services breach portal that the data breach has been confirmed to impact 8,493,379 people.
This figure places the Welltok breach as the second largest MOVEit data breach after services contractor Maximus, whose data breach affected 11 million people.
AG Dana Nessel is now involved:
Corewell Health Data Breach Exposes Info of One Million Michigan Patients
December 01, 2023
LANSING – A cybersecurity breach at Welltok, Inc., the software company contracted to provide communications services to Corewell Health’s southeastern Michigan properties, has reportedly affected more than one million Michigan residents, Attorney General Dana Nessel announced.The names, dates of birth, email addresses, phone numbers, medical diagnoses, health insurance information, and Social Security numbers for about one million Corewell Health patients were compromised in the breach. In addition, the names, addresses, and health insurance identification numbers of 2,500 users of the healthy lifestyle portal for Priority Health, an insurance plan owned by Corewell, were also compromised, according to a statement from the health system earlier this month. In total, the breach affected nearly 8.5 people nationally.
The attack, which occurred on May 30, exploited software vulnerabilities on the MOVEit Transfer server owned by Virgin Pulse, Welltok's parent company.
“Health information is some of the most personal information that we have,” said Nessel. “If there was ever data that required heightened cybersecurity measures, it is the information held by the healthcare sector. This kind of breach has occurred too often, and patients deserve to feel confident that their health data is protected in the most robust way possible. My office remains committed to helping Michigan residents keep their data private and secure.”
Welltok has confirmed that those affected include people who have received health care or insurance provided by the following companies:
- Asuris Northwest Health
- BridgeSpan Health
- Blue Cross and Blue Shield of Minnesota and Blue Plus
- Blue Cross and Blue Shield of Alabama
- Blue Cross and Blue Shield of Kansas
- Blue Cross and Blue Shield of North Carolina
- Faith Regional Health Services
- Hospital & Medical Foundation of Paris, Inc. dba Horizon Health
- Mass General Brigham Health Plan
- Regence BlueCross BlueShield of Oregon
- Regence BlueShield
- Regence BlueCross BlueShield of Utah
- Regence Blue Shield of Idaho
- St. Bernards Healthcare
- Sutter Health
- Trane Technologies Company LLC and/or group health plans sponsored by Trane Technologies Company LLC or Trane U.S. Inc.
- The group health plans of Stanford Health Care, of Stanford Health Care, Lucile Packard Children’s Hospital Stanford, Stanford Health Care Tri-Valley, Stanford Medicine Partners, and Packard Children’s Health Alliance
- The Guthrie Clinic
According to the HIPAA Journal, this cyberattack marks the fourth-largest healthcare data breach in the U.S. this year. The U.S. Department of Health and Human Services reported that data breaches among healthcare organizations more than doubled from 2019 to 2021. In 2022, at least 28.5 million healthcare records were breached nationwide.
Michigan, in particular, has experienced a surge in healthcare-related cyberattacks. In recent months, Attorney General Nessel notified Michigan residents about a ransomware attack affecting 2.5 million McLaren Health Care patients. Similarly, the University of Michigan faced a cyberattack in late August, leading to the compromise of personal information, including Social Security numbers, driver’s license or other government-issued ID numbers, and medical records.
If Welltok has a valid mailing address on file, the company is mailing a notice letter to individuals whose information was determined to be in the affected files. Anyone who does not receive a notice letter but would like to know if they are affected, or has other questions, may call the Welltok dedicated assistance line at 800-628-2141.
Although potentially impacted individuals should be receiving a notice letter from Welltok, state law does not currently require companies who experience a data breach to share that information with the Department of Attorney General. The Department often learns about these data breaches through media reports. The AG strongly recommends the legislature – similar to many other states – strengthen our law to require companies who experience a data breach to immediately inform the Department of Attorney General. This will allow the Attorney General to more quickly alert the public.
“Michigan simply must catch up to the states that require Attorney General notification of these significant breaches,” added Nessel. “To fulfill our duties of consumer protection and corporate oversight, the Department of Attorney General must be alerted to these breaches, when personal health and identifying information that is so often used to commit identity crimes, is compromised and made unsecure.”
The Department of Attorney General’s Data Breaches: What to do Next alert provides consumers with useful information about what kind of information can be accessed during a data breach.
To file a complaint with the Attorney General, or get additional information, contact:
Consumer Protection Team:
P.O. Box 30213
Lansing, MI 48909
517-335-7599
Fax: 517-241-3771
Toll-free: 877-765-8388
Online complaint formYour connection to consumer protection is just a click or phone call away. The Department provides a library of resources for consumers to review anytime on a variety of topics.
Typo alert for the AG's office.
In total, the breach affected nearly 8.5 people nationally.
Data for over 1 million Michiganders, Corewell Health patients compromised after massive Welltok cyber attack
By Cassandra Llamas Fossen, 2 days ago
(WWJ) - Roughly 1 million Michiganders were impacted after a cyber security breach was discovered at Welltok Inc., a healthcare software-as-a-service company contracted by Corewell Health.
Welltok recently notified over 8 million Americans on behalf of 20 healthcare providers and plans, including Corewell Health, of the data breach stemming from the May 2023 MOVEit hack, stating an unauthorized individual was able to view and exfiltrate sensitive information.
Priority Health -- a Corewell-owned insurance plan -- was also impacted, with data for 2,500 Priority members exposed.
The cyber attack is one of the largest breaches reported to the U.S. Department of Health and Human Services (HHS) so far this year.
According to Welltok, the hackers were able to take advantage of a vulnerability in Progress Software’s MOVEit Transfer server. The company said it immediately patched the vulnerability when it was found on May 31 and made any necessary security upgrades.
While Welltock conducted an examination into the incident, it wasn't until Aug. 11 when a third-party company hired to reconstruct its systems and historical data discovered the breach.
A letter was sent out earlier in November to the 8,493,379 people affected by the massive breach.
“We take this event and the security of personal information in our care very seriously. Upon learning of this event, we moved quickly to investigate and respond to the event and notify potentially affected individuals,” Welltok stated.
Names, addresses, email addresses, and phone numbers, including a small amount of Social Security numbers, health insurance information, and Medicare/Medicaid ID numbers were all reported to have been impacted.
“As part of our ongoing commitment to the security of information, we are reviewing and enhancing our existing policies and procedures related to data privacy to reduce the likelihood of a similar future event," Welltok said.
"While we have no evidence that any of your information has been misused, we are notifying you and providing information and resources to help protect your personal information," Welltok said in a statement.
Welltok opened a dedicated assistance line at 800-628-2141 to help patients who may have questions about the incident.
The company recommended credit monitoring for those affected by the breach.
Get MHF Insights
News and tips for your healthcare freedom.
We never spam you. One-step unsubscribe.
Sponsors
J & DE Family Charitable Fund
Friends
of MHF
Kelly Grotendiek
Philip Harbach
Dale Johnson
Drs. Jeffrey and Joni Jones
Vickie Kahle
Tammy Kipen
Marlin & Kathy Klumpp
Melanie Kurdys
Ruth Nobel
Patrick Peterson
Stephanie Poortenga
Jeanne Smit
Ben and Hope Staal
John Tuinstra
Jacki VanHuis
Sandy Walker
Sign Up for MHF Insights to keep up on the latest in Michigan Health Policy
