- Journalists Distill News on Ebola, Licensing Midwives, and California’s Budget
- Justice Department charges 15 for $90M+ in alleged healthcare fraud, expands strike force
- UnitedHealth’s PBM names CFO
- Tennessee becomes 2nd state to ban PBMs from owning pharmacies
- Trump Bought Stock in Eli Lilly as His Policies Gave the Drugmaker a Big Boost, Documents Show
- 40% lower physician distress, 245% more violence reporting: Workforce retention strategies gaining traction
- 15 new behavioral health study findings to know
- APRN charged in $1.35M Medicare fraud scheme
- Florida woman faces charges of practicing unlicensed dentistry
- GI of the Rockies launches AI-powered care program
- Deputy injured in Indiana hospital shooting
- Legacy Health-backed insurer PacificSource to exit ACA market, pull out of Montana entirely
- Expanded federal scrutiny reshapes how hospitals govern risk, compliance
- The instability compounding the anesthesiologist shortage
- ADA proposes standards on dental cartridges, water quality
- The unraveling of prior authorization: 5 things to know
- The hospital bad debt and charity care crisis: 20 things to know
- As AI identifies more at-risk patients, health systems face a capacity challenge
- 5 GI power players
- 4 dental insurance updates to know
- Federal appeals court overturns EPA fluoride ruling: 5 notes
- What payers don’t understand about ASC spine surgery
- 3 men sentenced for $6.9M orthotic DME fraud scheme
- What will outpatient cardiology look like in 10 years?
- 15 leadership moves across 4 specialties
- Dental Medicaid disenrollment could cause $86M in added costs
- Park Dental opens Minnesota practice
- AI is about to break healthcare’s scarcity model — if we let it
- The most underrated threat in digital health
- Tennessee orthodontic practice opens 2 locations
- Justice Department charges autism care providers in $46.6M fraud case
- 14.2% of Medicaid patients received mental health ED follow-up: 4 notes
- Acting NIAID Chief Steps Down Amid Ebola, Hantavirus Concerns
- Leaders sound off on overrated ASC trends
- Dental hygienist employment reaches 222,000: State-by-state breakdown
- Vitana Pediatric & Orthodontic Partners adds 1st Maryland practice
- 10 highest-paying states for dental hygienists in 2026
- US overdose deaths decline for 3rd straight year: What it means for healthcare
- Sunscreen Confusion Puts More Americans At Risk For Melanoma
- ACAP warns final ACA rule adds further uncertainty to a market in flux
- AbbVie plots 85 summer layoffs tied to Allergan unit in California
- Quorum Health transitioning to nonprofit for financial pickup
- Women's Health Capitol Hill Day: Advocates lobby to advance budget priorities
- Europe's CHMP gives thumbs up to AZ's breast cancer drug after thumbs down from FDA adcomm
- Novartis, AbbVie plan summer layoffs on opposite coasts
- AstraZeneca, Daiichi beat Gilead to first-line TNBC with FDA nod for Datroway
- Industry Voices—From claims to compassion: Reclaiming patient advocacy in revenue cycle
- 1 In 10 U.S. Surgeons Quit Practice, Study Warns Of Shortage
- Video Game Can Detect Depression In Minutes, Study Says
- Quitting Smoking Might Lower Your Dementia Risk
- Severe Asthma Often Comes With Other Serious Health Problems
- AbbVie, GSK race up patient reputation leaderboard in the UK
- Efforts To Understand The Nation's Drugged Driving Problem Stall Under Trump
- Trump’s $50B Rural Health Bet Meets a Healthcare Desert in North Carolina
- 3 Medical Routines That Older People May Not Need
- Fierce Pharma Asia—Merck-Kelun ADC’s triple wins; Tools in China licensing deals; Takeda’s $885M antitrust loss
- Tyra creates awareness day with patient advocates to shine light on a rare cancer
- Machine learning-guided lifestyle plans reduce depression symptoms: 3 study notes
- Innovaccer picks up CaduceusHealth to offer end-to-end revenue cycle management
- Acadia psychiatric hospital faces abuse lawsuits
- Massachusetts behavioral health clinics to pay $1.4M to settle fraud allegations
- From 50 days to 7: How 1 system cut behavioral health intake wait times
- Hospitals allege contracted CVS Health subsidiaries pocketed their 340B savings
- Northwell hospital launches in-home behavioral health services
- RFK Jr. Fires Two Leaders Of Major U.S. Health Task Force
- Ksana Health awarded $17.9M to build behavioral health foundation model
- Lilly accuses church-linked pharmacies, wholesalers and more of running $200M+ rebate fraud scheme
- Study: Brokers increasingly recommending ICHRA to employers
- ASCO: Merck, Kelun's sac-TMT ADC combo beats Keytruda by 65% on progression in first-line lung cancer
- Common Food Preservatives Linked to Major Heart Problems
- Health Tech Weekly Rundown: Prime Healthcare expands virtual sitting tech; CVS Health studies seniors' digital health needs
- Amgen's Tavneos, facing liver injury scrutiny, gets label update in Japan as patient starts resume
- Gilead pledges 400K AmBisome doses to fight visceral leishmaniasis in expanded WHO collab
- With Voxzogo under pressure, BioMarin touts trial win in label expansion bid
- Migraine With Aura Linked To Middle-Age Stroke Risk
- Nicotine Vapes Triple Smokers' Odds Of Quitting Tobacco
- Fatty Liver Disease Increases Heart Attack Risk, Study Says
- Religious Anti-Abortion Center Finds Opportunity In Town Without OB-GYNs
- CPAP Insurance Rules Too Stringent, Deny Device Coverage To Sleep Apnea Patients Who Would Benefit
- ICE Arrests Are Separating Families. Here’s How To Plan Ahead.
- Colorado Charts Its Own Course on Vaccines Amid Federal Pullback
- OpenEvidence launches hands-free voice AI feature, expands hospital footprint with Cedars-Sinai tie-up
- Inside agency view: Ogilvy Health on AI’s ‘light speed,’ nano influencers and the rise of Ria
- Fixing Eligibility at the Point of Care: The Missing Link in Medical Device Reimbursement Integrity
- Fixing Eligibility at the Point of Care: The Missing Link in Medical Device Reimbursement Integrity
- The failure of the ‘usual suspects’ approach to life science recruitment
- The failure of the ‘usual suspects’ approach to life science recruitment
- Kennedy dismisses leaders of US Preventive Services Task Force
- Statement on Novel Exchange-Traded Funds (ETFs)
- CMS proposes rule aimed at limiting Medicaid state-directed payments
- WTW: Employers aiming to bulk up AI use for health and benefits
- Freestanding EDs, urgent care acquisition opportunities abound for HCA Healthcare
- Value, Focus, and the Future of MedTech: M&A and Divestitures are Rewriting the Strategic Playbook.
- Value, Focus, and the Future of MedTech: M&A and Divestitures are Rewriting the Strategic Playbook.
- Rollback of PFAS Drinking Water Standards Raises Safety Fears
- 'Missed risk': Women's Heart Health Summit explores gaps in research, treatment
- House and Senate Democrats move to overturn CMS’ WISeR AI prior auth pilot
- Designing an agentic, future‑ready tech roadmap for emerging pharma
- Judi Health taps Clear for its identity verification tech
- Canvas Medical unveils Canvas Studio, a customizable EMR workflow tool for clinicians
- The Boston Children’s Experience: Hidden ICU Risk and AI-Driven De-escalation
- The Boston Children’s Experience: Hidden ICU Risk and AI-Driven De-escalation
- Artivion Completes Endospan Acquisition, Expands Aortic Arch Portfolio With FDA-Approved NEXUS System
- Artivion Completes Endospan Acquisition, Expands Aortic Arch Portfolio With FDA-Approved NEXUS System
- Your Handwriting Could Be a Window Into Your Aging Brain
- Democratic senators share plans for Medicare home care benefit, long-term care reform
- GHO Capital, CBC Group plan to merge, forming $21B healthcare investment firm
- Ipsen details growing pains as teens transition to adult care
- Lilly, AbbVie, J&J, AZ lead an uptick in Big Pharma Q1 growth, with Novo again bringing up the rear
- MetroHealth partners with Artisight on smart hospital platform rollout
- How Do Caffeine, Alcohol, Weed, Nicotine Affect MS Symptoms?
- Once-A-Day Pill Effective In Treating Sleep Apnea Without CPAP, Clinical Trial Says
- Teens Turning To Creatine, Not Steroids, For 'Looksmaxxing'
- BMS taps Anthropic’s Claude for enterprise-wide AI adoption to speed R&D, global workflows
- Gilead inks another deal with Korean API manufacturer Yuhan, this time worth $140M
- Childhood Trauma Tied to Higher Obesity Risk, But One Caring Adult Can Make A Difference
- Eroding ACA Enrollment Portends Higher Insurance Rates
- Amgen, bidding adieu to CFO, lures Galderma exec with hefty $12.4M bonus
- Watch: The Tug-of-War Over Taxpayer Dollars
- Religious Anti-Abortion Center Finds Opportunity in Town Without OB-GYNs
- CG Life appoints Collette Douaihy as chief creative officer as C-suite buildout continues
- Tarsus taps John Cena for its latest Demodex blepharitis campaign
- Statement on Proposing Registered Offering Reform and Enhancement of Emerging Growth Company Accommodations and Simplification of Filer Status for Reporting Companies
- American Aid Worker Tests Positive for Ebola After DRC Exposure
- Listen to the Latest ‘KFF Health News Minute’
- Headache Medicine: Statement on Proposing Releases for Registered Offering Reform and Enhancement of Emerging Growth Company Accommodations and Simplification of Filer Status for Reporting Companies
- More Kids Seeking Anxiety Help at Routine Doctor Visits, Study Finds
- Statement on Proposing Releases for Enhancement of Emerging Growth Company Accommodations and Simplification of Filer Status for Reporting Companies, and Registered Offering Reform
- Global MedTech Contract Manufactures Finalize Merger
- Global MedTech Contract Manufactures Finalize Merger
- Carl Zeiss Meditec Plans Up to 1,000 Job Cuts Amid Restructuring Effort
- Carl Zeiss Meditec Plans Up to 1,000 Job Cuts Amid Restructuring Effort
- Signatera CDx Gets FDA Nod as Companion Diagnostic for Muscle-Invasive Bladder Cancer
- Signatera CDx Gets FDA Nod as Companion Diagnostic for Muscle-Invasive Bladder Cancer
- Boston Scientific announces strategic investment in MiRus LLC
- Boston Scientific announces strategic investment in MiRus LLC
- Weed/Opioid Combo Doesn't Help Knee Arthritis Pain
- Losing A Parent Can Dent An Adult's Earning Power
- Ticks Can Creepy-Crawl Your House For Weeks Before Dying, Study Shows
- Kids Keep Getting Stuck in Hospitals, Even After Being Cleared For Discharge
- Short, Intense Radiation Therapy Safe For Prostate Cancer Patients
- Efforts To Understand the Nation’s Drugged Driving Problem Stall Under Trump
- Somewhere Between Cacophony and Euphony
- Ebola Outbreaks in Africa Trigger Global Health Emergency, U.S. Travel Warnings
- Rapid Weight Loss Beats Slow and Steady in New Clinical Trial
- Medtronic Bets on Cardiovascular Realignment Amid Stock Pressure and Facility Closures
- Medtronic Bets on Cardiovascular Realignment Amid Stock Pressure and Facility Closures
- Smog Linked To Lewy Body Dementia Risk, Major Study Finds
- NYC Mold Removal Program Cut Asthma ER Cases By A Quarter, Study Says
- Pregnancy Safe For Women With Myasthenia Gravis, Study Concludes
More than one million Michiganders' data were were stolen in a cybersecurity breach at a Corewell Health contractor, Welltok, Inc. About 8 million Americans' records in total were exposed in this breach.
Welltok is an SaaS (software as a service) company which provides communication services for Corewell Health's southeastern Michigan operations and a portal for Priority Health, among many other healthcare companies across America.
Welltok data breach exposes data of 8.5 million US patients
By Bill Toulas - November 22, 2023Healthcare SaaS provider Welltok is warning that a data breach exposed the personal data of nearly 8.5 million patients in the U.S. after a file transfer program used by the company was hacked in a data theft attack.
Welltok works with health service providers across the U.S., maintaining online wellness programs, holding databases with personal patient data, generating predictive analytics, and supporting healthcare needs like medication adherence and pandemic response.
Earlier this year, the Clop ransomware gang exploited a zero-day vulnerability in the MOVEit software to breach thousands of organizations worldwide, following up with extortion demands and data leaks impacting over 77 million people.
Welltok published a notice of a data incident in late October, warning that its MOVEit Transfer server was breached on July 26, 2023. This occurred despite applying the security updates as soon as those were made available by the vendor.
Patient data was exposed during the breach, including full names, email addresses, physical addresses, and telephone numbers. For some, it also includes Social Security Numbers (SSNs), Medicare/Medicaid ID numbers, and certain Health Insurance information.
The impact of the breach impacted institutions in various states, including Minnesota, Alabama, Kansas, North Carolina, Michigan, Nebraska, Illinois, and Massachusetts, with the following healthcare providers said to be impacted:
- Blue Cross and Blue Shield of Minnesota and Blue Plus
- Blue Cross and Blue Shield of Alabama
- Blue Cross and Blue Shield of Kansas
- Blue Cross and Blue Shield of North Carolina
- Corewell Health
- Faith Regional Health Services
- Hospital & Medical Foundation of Paris, Inc. dba Horizon Health
- Mass General Brigham Health Plan
- Priority Health
- St. Bernards Healthcare
- Sutter Health
- Trane Technologies Company LLC and/or group health plans sponsored by Trane Technologies Company LLC or Trane U.S. Inc.
- The group health plans of Stanford Health Care, of Stanford Health Care, Lucile Packard Children’s Hospital Stanford, Stanford Health Care Tri-Valley, Stanford Medicine Partners, and Packard Children’s Health Alliance
- The Guthrie Clinic
Initial estimates about the number of impacted individuals varied as Welltok didn’t immediately disclose this information.
However, earlier today, the firm reported on the U.S. Department of Health and Human Services breach portal that the data breach has been confirmed to impact 8,493,379 people.
This figure places the Welltok breach as the second largest MOVEit data breach after services contractor Maximus, whose data breach affected 11 million people.
AG Dana Nessel is now involved:
Corewell Health Data Breach Exposes Info of One Million Michigan Patients
December 01, 2023
LANSING – A cybersecurity breach at Welltok, Inc., the software company contracted to provide communications services to Corewell Health’s southeastern Michigan properties, has reportedly affected more than one million Michigan residents, Attorney General Dana Nessel announced.The names, dates of birth, email addresses, phone numbers, medical diagnoses, health insurance information, and Social Security numbers for about one million Corewell Health patients were compromised in the breach. In addition, the names, addresses, and health insurance identification numbers of 2,500 users of the healthy lifestyle portal for Priority Health, an insurance plan owned by Corewell, were also compromised, according to a statement from the health system earlier this month. In total, the breach affected nearly 8.5 people nationally.
The attack, which occurred on May 30, exploited software vulnerabilities on the MOVEit Transfer server owned by Virgin Pulse, Welltok's parent company.
“Health information is some of the most personal information that we have,” said Nessel. “If there was ever data that required heightened cybersecurity measures, it is the information held by the healthcare sector. This kind of breach has occurred too often, and patients deserve to feel confident that their health data is protected in the most robust way possible. My office remains committed to helping Michigan residents keep their data private and secure.”
Welltok has confirmed that those affected include people who have received health care or insurance provided by the following companies:
- Asuris Northwest Health
- BridgeSpan Health
- Blue Cross and Blue Shield of Minnesota and Blue Plus
- Blue Cross and Blue Shield of Alabama
- Blue Cross and Blue Shield of Kansas
- Blue Cross and Blue Shield of North Carolina
- Faith Regional Health Services
- Hospital & Medical Foundation of Paris, Inc. dba Horizon Health
- Mass General Brigham Health Plan
- Regence BlueCross BlueShield of Oregon
- Regence BlueShield
- Regence BlueCross BlueShield of Utah
- Regence Blue Shield of Idaho
- St. Bernards Healthcare
- Sutter Health
- Trane Technologies Company LLC and/or group health plans sponsored by Trane Technologies Company LLC or Trane U.S. Inc.
- The group health plans of Stanford Health Care, of Stanford Health Care, Lucile Packard Children’s Hospital Stanford, Stanford Health Care Tri-Valley, Stanford Medicine Partners, and Packard Children’s Health Alliance
- The Guthrie Clinic
According to the HIPAA Journal, this cyberattack marks the fourth-largest healthcare data breach in the U.S. this year. The U.S. Department of Health and Human Services reported that data breaches among healthcare organizations more than doubled from 2019 to 2021. In 2022, at least 28.5 million healthcare records were breached nationwide.
Michigan, in particular, has experienced a surge in healthcare-related cyberattacks. In recent months, Attorney General Nessel notified Michigan residents about a ransomware attack affecting 2.5 million McLaren Health Care patients. Similarly, the University of Michigan faced a cyberattack in late August, leading to the compromise of personal information, including Social Security numbers, driver’s license or other government-issued ID numbers, and medical records.
If Welltok has a valid mailing address on file, the company is mailing a notice letter to individuals whose information was determined to be in the affected files. Anyone who does not receive a notice letter but would like to know if they are affected, or has other questions, may call the Welltok dedicated assistance line at 800-628-2141.
Although potentially impacted individuals should be receiving a notice letter from Welltok, state law does not currently require companies who experience a data breach to share that information with the Department of Attorney General. The Department often learns about these data breaches through media reports. The AG strongly recommends the legislature – similar to many other states – strengthen our law to require companies who experience a data breach to immediately inform the Department of Attorney General. This will allow the Attorney General to more quickly alert the public.
“Michigan simply must catch up to the states that require Attorney General notification of these significant breaches,” added Nessel. “To fulfill our duties of consumer protection and corporate oversight, the Department of Attorney General must be alerted to these breaches, when personal health and identifying information that is so often used to commit identity crimes, is compromised and made unsecure.”
The Department of Attorney General’s Data Breaches: What to do Next alert provides consumers with useful information about what kind of information can be accessed during a data breach.
To file a complaint with the Attorney General, or get additional information, contact:
Consumer Protection Team:
P.O. Box 30213
Lansing, MI 48909
517-335-7599
Fax: 517-241-3771
Toll-free: 877-765-8388
Online complaint formYour connection to consumer protection is just a click or phone call away. The Department provides a library of resources for consumers to review anytime on a variety of topics.
Typo alert for the AG's office.
In total, the breach affected nearly 8.5 people nationally.
Data for over 1 million Michiganders, Corewell Health patients compromised after massive Welltok cyber attack
By Cassandra Llamas Fossen, 2 days ago
(WWJ) - Roughly 1 million Michiganders were impacted after a cyber security breach was discovered at Welltok Inc., a healthcare software-as-a-service company contracted by Corewell Health.
Welltok recently notified over 8 million Americans on behalf of 20 healthcare providers and plans, including Corewell Health, of the data breach stemming from the May 2023 MOVEit hack, stating an unauthorized individual was able to view and exfiltrate sensitive information.
Priority Health -- a Corewell-owned insurance plan -- was also impacted, with data for 2,500 Priority members exposed.
The cyber attack is one of the largest breaches reported to the U.S. Department of Health and Human Services (HHS) so far this year.
According to Welltok, the hackers were able to take advantage of a vulnerability in Progress Software’s MOVEit Transfer server. The company said it immediately patched the vulnerability when it was found on May 31 and made any necessary security upgrades.
While Welltock conducted an examination into the incident, it wasn't until Aug. 11 when a third-party company hired to reconstruct its systems and historical data discovered the breach.
A letter was sent out earlier in November to the 8,493,379 people affected by the massive breach.
“We take this event and the security of personal information in our care very seriously. Upon learning of this event, we moved quickly to investigate and respond to the event and notify potentially affected individuals,” Welltok stated.
Names, addresses, email addresses, and phone numbers, including a small amount of Social Security numbers, health insurance information, and Medicare/Medicaid ID numbers were all reported to have been impacted.
“As part of our ongoing commitment to the security of information, we are reviewing and enhancing our existing policies and procedures related to data privacy to reduce the likelihood of a similar future event," Welltok said.
"While we have no evidence that any of your information has been misused, we are notifying you and providing information and resources to help protect your personal information," Welltok said in a statement.
Welltok opened a dedicated assistance line at 800-628-2141 to help patients who may have questions about the incident.
The company recommended credit monitoring for those affected by the breach.
Get MHF Insights
News and tips for your healthcare freedom.
We never spam you. One-step unsubscribe.
Sponsors
J & DE Family Charitable Fund
Friends
of MHF
Kelly Grotendiek
Philip Harbach
Dale Johnson
Drs. Jeffrey and Joni Jones
Vickie Kahle
Tammy Kipen
Marlin & Kathy Klumpp
Melanie Kurdys
Ruth Nobel
Patrick Peterson
Stephanie Poortenga
Jeanne Smit
Ben and Hope Staal
John Tuinstra
Jacki VanHuis
Sandy Walker
Sign Up for MHF Insights to keep up on the latest in Michigan Health Policy
