On November 13, 2023, Welltok, Inc., a Virgin Pulse Company, filed a notice of data breach with the Attorney General of Maine on behalf of St. Bernards Healthcare (“St. Bernards”). In this notice, Welltok explains that the incident resulted in an unauthorized party being able to access consumers’ sensitive information, which includes their names, Social Security numbers, dates of birth, health insurance information, medical record numbers or patient identification numbers, provider names, and treatment information. Upon completing its investigation, Welltok began sending out data breach notification letters to all individuals whose information was affected by the recent data security incident.
If you receive a data breach notification from Welltok, Inc., it is essential you understand what is at risk and what you can do about it. As we’ve previously discussed in similar posts, data breaches that result in unauthorized access to your SSN are especially concerning because hackers can easily use this information to commit identity theft and other frauds against you. A data breach lawyer can help you learn more about how to protect yourself from becoming a victim of fraud or identity theft, as well as discuss your legal options following the Welltok data breach.
What Caused the Data Breach Affecting Welltok?
The Welltok data breach was only recently announced, and more information is expected in the near future. However, Welltok’s filing with the Attorney General of Maine provides some important information on what led up to the breach. According to this source, Welltok operates an online platform that enables healthcare professionals to provide patients and members with important notices and communications. St. Bernards is one of the healthcare providers that uses Welltok’s service.
On July 26, 2023, Welltok was alerted to a compromise of its MOVEit server. However, Welltok had previously installed all patches and security upgrades, and upon completing an investigation, Welltok determined that there was no unauthorized access.
However, on August 11, 2023, after conducting a follow-up investigation, Welltok determined that an unauthorized party was able to access the company’s MOVEit server on May 30, 2023. It was also confirmed that the unauthorized party removed certain data from the company’s MOVEit server, including information belonging to patients of St. Bernards. On September 14, 2023, Welltok informed St. Bernards of the full scope of the incident.
After learning that sensitive consumer data was accessible to an unauthorized party, Welltok reviewed the compromised files to determine what information was leaked and which consumers were impacted. While the breached information varies depending on the individual, it may include your name, Social Security number, date of birth, health insurance information, medical record number or patient identification number, provider names, and treatment information.
On November 13, 2023, Welltok sent out data breach letters to anyone who was affected by the recent data security incident. These letters should provide victims with a list of what information belonging to them was compromised.
More Information About Welltok, Inc.
Welltok, Inc. is a healthcare services and support company as well as a subsidiary of Virgin Pulse. Virgin Pulse is a healthcare software company based out of Providence, Rhode Island. The company is partially owned by Virgin Group, a large multinational venture capital conglomerate based out of London, England. Virgin Pulse employs approximately 2,000 people and generates annual revenue of roughly $385 million.
