On December 4, 2023, Welltok, Inc. filed a notice of data breach with the Attorney General of Maine after confirming that a vulnerability in MOVEit, a file-transfer program used by Welltok, allowed hackers to access confidential data belonging to patients of Welltok’s healthcare customers. In this notice, Welltok explains that the incident resulted in an unauthorized party being able to access consumers’ sensitive information, which includes their names, Social Security numbers, dates of birth, addresses, phone numbers, email addresses, medical information, and health insurance information. Upon completing its investigation, Welltok began sending out data breach notification letters to all individuals whose information was affected by the recent data security incident.
If you receive a data breach notification from Welltok, Inc., it is essential you understand what is at risk and what you can do about it. Keep in mind the data breach letter may come from one of the following providers: Elixir RX Solutions, OrthoNebraska, or OSF HealthCare System. A data breach lawyer can help you learn more about how to protect yourself from becoming a victim of fraud or identity theft, as well as discuss your legal options following the Welltok / MOVEit data breach. For more information, please see our recent piece on the topic here.
What Caused the Data Breach Affecting Elixir RX Solutions, OrthoNebraska, and OSF HealthCare System Patients?
The Welltok MOVEit data breach was only recently announced, and more information is expected soon. However, Welltok’s filing with the Attorney General of Maine provides some important information on what led up to the breach. According to this source, on July 26, 2023, Welltok learned that its MOVEit server had allegedly been compromised. However, Welltok had previously installed all patches and security upgrades. So, upon completing its investigation, Welltok concluded that no sensitive information had been compromised.
However, Welltok continued its investigation, ultimately confirming on August 11, 2023, that an unauthorized party was able to access the company’s MOVEit server on May 30, 2023. Welltok also confirmed that the unauthorized party removed certain data from the company’s MOVEit server, including information belonging to patients of Elixir RX Solutions, OrthoNebraska, and OSF HealthCare System.
After learning that sensitive consumer data was accessible to an unauthorized party, Welltok reviewed the compromised files to determine what information was leaked and which consumers were impacted. While the breached information varies depending on the individual, it may include your name, date of birth, address, phone number, email address, Social Security number, medical record number or patient identification number, treatment information, diagnosis information, provider name, prescription information, health insurance information, and treatment cost information.
On December 4, 2023, Welltok sent out data breach letters to anyone who was affected by the recent data security incident. These letters should provide victims with a list of what information belonging to them was compromised.
More Information About Welltok, Inc.
Welltok, Inc. is a healthcare services and support company as well as a subsidiary of Virgin Pulse. Virgin Pulse is a healthcare software company based out of Providence, Rhode Island. The company is partially owned by Virgin Group, a large multinational venture capital conglomerate based out of London, England. Virgin Pulse employs approximately 2,000 people and generates annual revenue of roughly $385 million.
