- Journalists Share Latest on Baby Formula Safety, Estrogen Patches, and Postcancer Costs
- 12 new behavioral health study findings to know
- Prevention Efforts Increasingly See Suicide Through a Broader Lens
- California dental hygiene program placed on probation, accreditation at risk: 5 notes
- US depression rate remains near record high: Gallup
- FDA names acting director of vaccines and biologics center
- We Are Breaking Anesthesia — And Calling It a Staffing Solution
- Establishing Good Governance: Start with the Important Basics and Play the Long Game
- Mission, margin and a midterm clock: Healthcare signals to watch
- What ASC tech actually moves the needle — and what’s just ‘face paint’
- ADA pushes for increased federal oversight of dental insurance: 4 notes
- VisionMed appoints new strategic advisor of ambulatory, office-based surgery
- South Dakota hospital joins Monument Health
- Dental groups call on legislators to support federal oral health programs
- PDS Health joins AARP global collaborative
- Nemours Children’s Health breaks ground on multispecialty facility
- FDA Recalls Several Ghirardelli Powdered Beverages Over Potential Contamination
- Physician financial pressures, a breakdown
- Physicians’ wRVU problem, by the numbers
- CMS’ Medicare provider directory released Social Security numbers: Washington Post
- The best ASCs for colonoscopy, endoscopy in the Midwest: US News
- 2 post-acute groups react to bill to improve CNA training
- 32 hospitals closing departments or ending services
- Visa limbo drags on for hundreds of physicians: 5 notes
- Hygienist shortage a ‘retention’ crisis: ADHA
- Yale receives $10M for youth mental health
- PDS Health grows de novo network with 6 new practices
- Penn Medicine, CHOP name autism institute director
- Cleveland Clinic adds GI specialist
- FDA hands Pfizer, Arvinas’ Veppanu early approval for breast cancer subtype
- A new kind of ASC partner has entered the market
- 8 DSOs making headlines
- Heartland Dental adds Florida practice
- Colorado behavioral health provider to cut 111 jobs
- High-Intensity Exercise After Breast Cancer Surgery Helps Speed Recovery
- SALT Dental Partners opens de novo office in Washington, DC
- Noncompete rules shift again: 4 recent updates
- The 4 states with the most DSO activity in April
- 10 new ASCs in April
- Florida physician sued for alleged $1.9M fraud
- Omada signs on with Optum Rx's GLP-1 management program
- Trump Offers Third Candidate For Surgeon General After Pulling Dr. Casey Means' Nomination
- Industry Voices—Value-based care won the policy argument. Now it has to deliver
- Senators introduce clean extension to cost-based payments for some rural hospitals
- Expanding access, improving outcomes: How AI is transforming behavioral health referrals
- Beth Israel Lahey Health taps Heidi for system-wide AI scribe rollout
- Johnson & Johnson Enters Agreement to Acquire Atraverse Medical
- Johnson & Johnson Enters Agreement to Acquire Atraverse Medical
- enVVeno Medical Receives FDA IDE Approval for Non-Surgical Replacement Venous Valve
- enVVeno Medical Receives FDA IDE Approval for Non-Surgical Replacement Venous Valve
- Medtronic Gains CE Mark for Stealth AXiS surgical system
- Medtronic Gains CE Mark for Stealth AXiS surgical system
- Medtronic Continues Cardiovascular Care Growth with Completion of CathWorks Acquisition
- Medtronic Continues Cardiovascular Care Growth with Completion of CathWorks Acquisition
- Cleveland Clinic taps startup Luminai to test how AI can run hospital operations
- Look out Rexulti, Axsome's Auvelity has its nod for Alzheimer's agitation
- Cardio drug developer Esperion to go private in potential $1.1B buyout by ArchiMed
- Union workers at Korean CDMO Samsung Biologics kick off strike
- Summit's PD-1xVEGF interim trial miss surprises analysts, shares tumble
- Who do Americans believe have the most influence in healthcare?
- Health Tech Weekly Rundown: Sage launches Tasking for senior care workflows; St. Luke’s taps Auxira Health for cardiologist support
- Confusion Continues Over Age To Start Breast Cancer Screening, Survey Finds
- Senses, Not Muscles, Key to Speech Recovery After Stroke
- Antibiotics Not Linked To Celiac Disease Risk, Study Argues
- Common Knee Surgery Doesn't Help, Might Actually Make Things Worse, Clinical Trial Reports
- States Rush To Figure Out How To Enforce Trump's Medicaid Work Requirements
- Delays in Visa Program Threaten Placement of Hundreds of Doctors in Underserved Areas
- Gavin Newsom, Early Champion of Single-Payer, Moderates in the Face of Fiscal Limits
- A pivotal time for an RNA pioneer
- Repatha sales help Amgen overcome Prolia biosimilar hits in 1st quarter
- Novo Nordisk’s Rybelsus officially retired in US as ‘Ozempic pill’ takes branding center stage
- Verastem launches ‘Reimagine’ campaign to move ovarian cancer drugs into earlier lines
- From Prototype to Production: Building a Validation Strategy That Scales with Manufacturing Volume
- From Prototype to Production: Building a Validation Strategy That Scales with Manufacturing Volume
- Mount Sinai launches mental health program for performing artists
- Managing AI in Medical Technology: From Innovation to Compliance
- Managing AI in Medical Technology: From Innovation to Compliance
- Mississippi to distribute $13.5M for youth mental health programs
- ‘Heroism doesn’t scale’: 4 leaders warn of cracks in behavioral health system
- Fierce Pharma Asia—Sun’s $11.75B Organon buy; Astellas’ Xtandi peak; BeOne’s PD-1xVEGF bet
- Seven Things Every Medical Device Manufacturer Must Know Before Integrating AI
- Seven Things Every Medical Device Manufacturer Must Know Before Integrating AI
- The Structural Tension at the Heart of MedTech
- The Structural Tension at the Heart of MedTech
- Cybersecurity Tactics for Medical IoT Devices
- Cybersecurity Tactics for Medical IoT Devices
- From Toddlers to Teens: The Hidden Complexities of Bringing Pediatric Wearables to Market
- From Toddlers to Teens: The Hidden Complexities of Bringing Pediatric Wearables to Market
- Drug use by state in 2026
- DOJ launches West Coast Health Care Strike Force to target fraud in Arizona, Nevada, Northern California
- Tenet Healthcare met Q1's volume curveballs with 'old-fashioned discipline'
- FDA expectations create potential friction in new Form 483 response guidance
- Trump pulls surgeon general nomination of Casey Means, names Nicole Saphier as new pick
- New Medical Guidelines Urge More Fiber, Less Bathroom Scrolling on Your Phone
- Sleep and Anxiety Medications in Pregnancy Appear to Pose Little Harm
- Functional medicine provider Parsley Health now in-network nationwide
- Lilly touts 'encouraging' early days for Foundayo obesity launch, even as GLP-1 pill appears to lag Novo's
- BMS 'well prepared' for Camzyos competition as revenue from new products overtakes legacy portfolio
- Waystar kicks off 2026 with strong growth as it targets AI at $100B RCM labor pool
- Merck's growth products Winrevair, Ohtuvayre trending in opposite directions
- Trump's Medicaid Work Mandate Debuting in Nebraska to Much Dismay
- Nasal Spray Flu Vaccines Create 'Battlefield' In Adults' Noses
- Prehabilitation Slashes Post-Op Complications By Half, Review Says
- Understanding Emotions Could Be Key To Quelling Chronic Pain
- Meth Caused 1 In 6 Heart Attacks Over A Decade, Study Finds
- States Rush To Figure Out How To Enforce Trump’s Medicaid Work Requirements
- When Natural Disasters Strike, Another Crisis Hits Those Recovering From Opioid Addiction
- Photon, maker of modern prescription infrastructure, nabs $16M to scale
- Cigna to exit ACA market, pursue strategic alternatives for eviCore unit
- Amarox recalls batch of antidepressants in UK over packaging mix-up
- Bayer earns FDA untitled letter for Nubeqa's 'attention-grabbing visuals'
- Merck bats for heart disease awareness with new baseball-inspired campaign
- Avalyn heads to Nasdaq with oversized $300M IPO to fund reformulated respiratory drugs
- Europe’s drug regulator sets up new group to counter vaccine hesitancy
- Aidoc banks $150M backed by Goldman Sachs to scale clinical AI foundation model
- Healthcare costs remain a top concern for voters as midterms loom: KFF
- Nonprofit health systems are falling short on governance capabilities, report warns
- Novartis rounds out $23B US investment push with plans for North Carolina API plant
- Teladoc Health reports strong momentum behind BetterHelp insurance shift, CEO says
- AI Tool May Help Identify ADHD in Kids Long Before Typical Diagnosis
- Viz.ai partners with National Rural Health Association to expand AI understanding, access to rural hospitals
- FDA Moves to Real-Time Clinical Trial Patient Monitoring, Faster Drug Review
- AstraZeneca CEO's conservative MFN model excludes reference markets from forecast
- With Austedo at helm, Teva's impressive innovative drug sales signal company's successful metamorphosis
- Universal Health Services' Q1 2026 earnings growth dampened by volume hits
- AbbVie outlines Skyrizi defense against new J&J plaque psoriasis rival Icotyde
- Only 1 in 4 employers able to ‘absorb’ increasing health benefit costs without impacting business
- Dementia Screening Safe For Families, Trial Finds
- Online Program Soothes Post-Trauma Stress In Injured Children
- Mental Defeat Can Worsen Chronic Pain, Researchers Say
- Pooled Umbilical Cord Blood Boosts Stem Cell Transplant Success, Trial Finds
- US drugmaker’s reputations shift quickly amid political pressures, job cuts: survey
- Saving Lives by Changing Lives: The Next Frontier in Suicide Prevention
- Trump’s Medicaid Work Mandate Debuting in Nebraska to Much Dismay
- The push to expand access to emergency contraception
- Secret to Surviving 'Perfect Mom' Posts on Social Media Revealed
- Remarks at the Small Business Capital Formation Advisory Committee Meeting
- Getting All Your Ducks in a Row to IPO: Remarks at the Small Business Capital Formation Advisory Committee Meeting
- Remarks to the Small Business Capital Formation Advisory Committee
- CDC Warns of Antibiotic-Resistant Salmonella in Backyard Flocks
- Listen to the Latest ‘KFF Health News Minute’
- AI-driven coding platform Arintra rolls out new documentation improvement capabilities
- Florida Delays Children's Health Insurance Expansion as Uninsured Rate Rises
- Daylight Saving Time Fails to Boost Daily Steps, Study Finds
- Metabolic Syndrome Tied To Cancer Risk
- Mail-In Colon Cancer Test Kits Offer Affordable Screening
- U.S. Dentists Still Overprescribing Opioids Compared To Other Nations, Puerto Rico
- An Urgent Care Treated Her Allergic Reaction. An ER Monitored Her — For $6,700.
- Estrogen Patch Shortages Likely Driven By Empowered Women Seeking Relief, Expert Says
- First Gene Therapy for Genetic Hearing Loss, Otarmeni, Gains FDA Approval
More than one million Michiganders' data were were stolen in a cybersecurity breach at a Corewell Health contractor, Welltok, Inc. About 8 million Americans' records in total were exposed in this breach.
Welltok is an SaaS (software as a service) company which provides communication services for Corewell Health's southeastern Michigan operations and a portal for Priority Health, among many other healthcare companies across America.
Welltok data breach exposes data of 8.5 million US patients
By Bill Toulas - November 22, 2023Healthcare SaaS provider Welltok is warning that a data breach exposed the personal data of nearly 8.5 million patients in the U.S. after a file transfer program used by the company was hacked in a data theft attack.
Welltok works with health service providers across the U.S., maintaining online wellness programs, holding databases with personal patient data, generating predictive analytics, and supporting healthcare needs like medication adherence and pandemic response.
Earlier this year, the Clop ransomware gang exploited a zero-day vulnerability in the MOVEit software to breach thousands of organizations worldwide, following up with extortion demands and data leaks impacting over 77 million people.
Welltok published a notice of a data incident in late October, warning that its MOVEit Transfer server was breached on July 26, 2023. This occurred despite applying the security updates as soon as those were made available by the vendor.
Patient data was exposed during the breach, including full names, email addresses, physical addresses, and telephone numbers. For some, it also includes Social Security Numbers (SSNs), Medicare/Medicaid ID numbers, and certain Health Insurance information.
The impact of the breach impacted institutions in various states, including Minnesota, Alabama, Kansas, North Carolina, Michigan, Nebraska, Illinois, and Massachusetts, with the following healthcare providers said to be impacted:
- Blue Cross and Blue Shield of Minnesota and Blue Plus
- Blue Cross and Blue Shield of Alabama
- Blue Cross and Blue Shield of Kansas
- Blue Cross and Blue Shield of North Carolina
- Corewell Health
- Faith Regional Health Services
- Hospital & Medical Foundation of Paris, Inc. dba Horizon Health
- Mass General Brigham Health Plan
- Priority Health
- St. Bernards Healthcare
- Sutter Health
- Trane Technologies Company LLC and/or group health plans sponsored by Trane Technologies Company LLC or Trane U.S. Inc.
- The group health plans of Stanford Health Care, of Stanford Health Care, Lucile Packard Children’s Hospital Stanford, Stanford Health Care Tri-Valley, Stanford Medicine Partners, and Packard Children’s Health Alliance
- The Guthrie Clinic
Initial estimates about the number of impacted individuals varied as Welltok didn’t immediately disclose this information.
However, earlier today, the firm reported on the U.S. Department of Health and Human Services breach portal that the data breach has been confirmed to impact 8,493,379 people.
This figure places the Welltok breach as the second largest MOVEit data breach after services contractor Maximus, whose data breach affected 11 million people.
AG Dana Nessel is now involved:
Corewell Health Data Breach Exposes Info of One Million Michigan Patients
December 01, 2023
LANSING – A cybersecurity breach at Welltok, Inc., the software company contracted to provide communications services to Corewell Health’s southeastern Michigan properties, has reportedly affected more than one million Michigan residents, Attorney General Dana Nessel announced.The names, dates of birth, email addresses, phone numbers, medical diagnoses, health insurance information, and Social Security numbers for about one million Corewell Health patients were compromised in the breach. In addition, the names, addresses, and health insurance identification numbers of 2,500 users of the healthy lifestyle portal for Priority Health, an insurance plan owned by Corewell, were also compromised, according to a statement from the health system earlier this month. In total, the breach affected nearly 8.5 people nationally.
The attack, which occurred on May 30, exploited software vulnerabilities on the MOVEit Transfer server owned by Virgin Pulse, Welltok's parent company.
“Health information is some of the most personal information that we have,” said Nessel. “If there was ever data that required heightened cybersecurity measures, it is the information held by the healthcare sector. This kind of breach has occurred too often, and patients deserve to feel confident that their health data is protected in the most robust way possible. My office remains committed to helping Michigan residents keep their data private and secure.”
Welltok has confirmed that those affected include people who have received health care or insurance provided by the following companies:
- Asuris Northwest Health
- BridgeSpan Health
- Blue Cross and Blue Shield of Minnesota and Blue Plus
- Blue Cross and Blue Shield of Alabama
- Blue Cross and Blue Shield of Kansas
- Blue Cross and Blue Shield of North Carolina
- Faith Regional Health Services
- Hospital & Medical Foundation of Paris, Inc. dba Horizon Health
- Mass General Brigham Health Plan
- Regence BlueCross BlueShield of Oregon
- Regence BlueShield
- Regence BlueCross BlueShield of Utah
- Regence Blue Shield of Idaho
- St. Bernards Healthcare
- Sutter Health
- Trane Technologies Company LLC and/or group health plans sponsored by Trane Technologies Company LLC or Trane U.S. Inc.
- The group health plans of Stanford Health Care, of Stanford Health Care, Lucile Packard Children’s Hospital Stanford, Stanford Health Care Tri-Valley, Stanford Medicine Partners, and Packard Children’s Health Alliance
- The Guthrie Clinic
According to the HIPAA Journal, this cyberattack marks the fourth-largest healthcare data breach in the U.S. this year. The U.S. Department of Health and Human Services reported that data breaches among healthcare organizations more than doubled from 2019 to 2021. In 2022, at least 28.5 million healthcare records were breached nationwide.
Michigan, in particular, has experienced a surge in healthcare-related cyberattacks. In recent months, Attorney General Nessel notified Michigan residents about a ransomware attack affecting 2.5 million McLaren Health Care patients. Similarly, the University of Michigan faced a cyberattack in late August, leading to the compromise of personal information, including Social Security numbers, driver’s license or other government-issued ID numbers, and medical records.
If Welltok has a valid mailing address on file, the company is mailing a notice letter to individuals whose information was determined to be in the affected files. Anyone who does not receive a notice letter but would like to know if they are affected, or has other questions, may call the Welltok dedicated assistance line at 800-628-2141.
Although potentially impacted individuals should be receiving a notice letter from Welltok, state law does not currently require companies who experience a data breach to share that information with the Department of Attorney General. The Department often learns about these data breaches through media reports. The AG strongly recommends the legislature – similar to many other states – strengthen our law to require companies who experience a data breach to immediately inform the Department of Attorney General. This will allow the Attorney General to more quickly alert the public.
“Michigan simply must catch up to the states that require Attorney General notification of these significant breaches,” added Nessel. “To fulfill our duties of consumer protection and corporate oversight, the Department of Attorney General must be alerted to these breaches, when personal health and identifying information that is so often used to commit identity crimes, is compromised and made unsecure.”
The Department of Attorney General’s Data Breaches: What to do Next alert provides consumers with useful information about what kind of information can be accessed during a data breach.
To file a complaint with the Attorney General, or get additional information, contact:
Consumer Protection Team:
P.O. Box 30213
Lansing, MI 48909
517-335-7599
Fax: 517-241-3771
Toll-free: 877-765-8388
Online complaint formYour connection to consumer protection is just a click or phone call away. The Department provides a library of resources for consumers to review anytime on a variety of topics.
Typo alert for the AG's office.
In total, the breach affected nearly 8.5 people nationally.
Data for over 1 million Michiganders, Corewell Health patients compromised after massive Welltok cyber attack
By Cassandra Llamas Fossen, 2 days ago
(WWJ) - Roughly 1 million Michiganders were impacted after a cyber security breach was discovered at Welltok Inc., a healthcare software-as-a-service company contracted by Corewell Health.
Welltok recently notified over 8 million Americans on behalf of 20 healthcare providers and plans, including Corewell Health, of the data breach stemming from the May 2023 MOVEit hack, stating an unauthorized individual was able to view and exfiltrate sensitive information.
Priority Health -- a Corewell-owned insurance plan -- was also impacted, with data for 2,500 Priority members exposed.
The cyber attack is one of the largest breaches reported to the U.S. Department of Health and Human Services (HHS) so far this year.
According to Welltok, the hackers were able to take advantage of a vulnerability in Progress Software’s MOVEit Transfer server. The company said it immediately patched the vulnerability when it was found on May 31 and made any necessary security upgrades.
While Welltock conducted an examination into the incident, it wasn't until Aug. 11 when a third-party company hired to reconstruct its systems and historical data discovered the breach.
A letter was sent out earlier in November to the 8,493,379 people affected by the massive breach.
“We take this event and the security of personal information in our care very seriously. Upon learning of this event, we moved quickly to investigate and respond to the event and notify potentially affected individuals,” Welltok stated.
Names, addresses, email addresses, and phone numbers, including a small amount of Social Security numbers, health insurance information, and Medicare/Medicaid ID numbers were all reported to have been impacted.
“As part of our ongoing commitment to the security of information, we are reviewing and enhancing our existing policies and procedures related to data privacy to reduce the likelihood of a similar future event," Welltok said.
"While we have no evidence that any of your information has been misused, we are notifying you and providing information and resources to help protect your personal information," Welltok said in a statement.
Welltok opened a dedicated assistance line at 800-628-2141 to help patients who may have questions about the incident.
The company recommended credit monitoring for those affected by the breach.
Get MHF Insights
News and tips for your healthcare freedom.
We never spam you. One-step unsubscribe.
Sponsors
J & DE Family Charitable Fund
Friends
of MHF
Kelly Grotendiek
Philip Harbach
Dale Johnson
Drs. Jeffrey and Joni Jones
Vickie Kahle
Tammy Kipen
Marlin & Kathy Klumpp
Melanie Kurdys
Ruth Nobel
Patrick Peterson
Stephanie Poortenga
Jeanne Smit
Ben and Hope Staal
John Tuinstra
Jacki VanHuis
Sandy Walker
Sign Up for MHF Insights to keep up on the latest in Michigan Health Policy
