GRAND RAPIDS, Mich. (WXYZ) — Welltok, Inc., a Virgin Pulse company, says it has notified approximately 8.5 million patients throughout the U.S. about a national data security event caused by vulnerability in MoveIT software.
"Welltok provides patient communication services for Corewell Health in Southeast Michigan and a healthy lifestyle portal for Priority Health, the health system’s health plan. The health information of approximately 1 million patients of Corewell Health in Southeast Michigan and about 2,500 Priority Health members were impacted. Welltok has sent letters to notify impacted individuals of the situation," Welltok, Inc. officials said in a press release.
Welltok officials say their system and security concerns are resolved, and they are not aware of any instances of fraud or identity theft arising from the event.
The type of information exposed in the event includes:
- Priority Health members: Name, address and health insurance identification number
- Corewell Health patients: Name, date of birth, email address, phone number, diagnosis, health insurance information and Social Security number
“It was very upsetting," Laura Pasquinelli said about receiving the notification letter from Welltok that her data had been compromised. “Especially around the holidays too, getting that letter, I wasn’t happy with that.”
Pasquinelli from Royal Oak isn't aware of any other time her information has been breached. She says she wants the matter resolved quickly.
“They were making it sound like it wasn’t as serious as it is, but I think there’s more to it," she said.
Cybercrime and cybersecurity expert Tom Holt says hospital system breaches are on the rise in America due to the amount of personal information clients provide when visiting a doctor.
"Unfortunately, hackers are going to go after any target that they believe has information that is of value," Holt said. "Individuals who are engaging in the attack know that they can sell the data that they acquire for money."
Holt recommends for victims to put systems in place to track all your financial accounts and watch for any suspicious activity. Meanwhile, Welltok is offering free credit monitoring to all affected. If would like more information on the potential impact, contact Welltok at 800-628-2141.
Corewell Health issued a statement regarding the breach:
"The privacy of our patients, health plan members and team members is a top concern. We recently learned our vendor, Welltok, Inc., was affected by the MOVEit cyberattack that involved more than 2,000 organizations earlier this year. Welltok is communicating directly with the individuals whose data was affected by the attack, and credit monitoring is available to all impacted people"