Topics
in style
AI
Amazon
Image Credits:Virgin Pulse / Welltok
Apps
Biotech & Health
mood
Cloud Computing
Commerce
Crypto
Enterprise
EVs
Fintech
fund raise
Gadgets
Gaming
Government & Policy
ironware
layoff
Media & Entertainment
Meta
Microsoft
Privacy
Robotics
Security
Social
distance
Startups
TikTok
Transportation
speculation
More from TechCrunch
Events
Startup Battlefield
StrictlyVC
newssheet
Podcasts
Videos
Partner Content
TechCrunch Brand Studio
Crunchboard
Contact Us
Hackers accessed the personal datum of more than 8 million people by exploit a security vulnerability in a file transfer pecker used by Welltok , the healthcare platform owned by Virgin Pulse .
TechCrunch rule that Welltok ’s data breach observation include “ noindex ” code , which tell hunting engines to ignore the connection Sir Frederick Handley Page , effectively making it more difficult for affected customers to regain the statement by searching for it . It ’s not exculpated for what understanding Welltok hid its data point breach notification from lookup railway locomotive .
Last calendar week , the party aver in adata rift notificationfiled with Maine ’s lawyer full general that the MOVEit hacker accessed the sensitive data of more than 1.6 million individuals . However , extra health care providers that better half with Welltok also confirmed that they had been impacted by the rupture , indicate that more soul had been regard than the figure stated in Welltok ’s disclosure with Maine ’s attorney general .
On Thursday , an update to the U.S. Department of Health and Human Servicesbreach portalconfirmed that the Welltok breach had impacted more than 8 million individuals in total . This makes the incident the secondly largest MOVEit breach , afterthe break of U.S. government contractile organ Maximus that touch 11 million individuals .
As confirmed by Welltok , the compromised information include individuals ’ name , particular date of birth , addresses , Social Security numbers , wellness info , Medicare and Medicaid ID numbers and health insurance information .
The full list of bear on healthcare providers is not yet cognize .
Join us at TechCrunch Sessions: AI
Exhibit at TechCrunch Sessions: AI
In its filing with Maine ’s lawyer superior general , Welltok said that the breach affected the radical healthcare plans of Stanford Health Care , Lucile Packard Children ’s Hospital Stanford , Stanford Health Care Tri - Valley , Stanford Medicine Partners and Packard Children ’s Health Alliance , which Welltok said it notified on October 18 .
Separately , Corewell Health , a provider of healthcare services in southeast Michigan that uses Welltok for patient communication , said in apress releaselast week that the health selective information of about one million patients , along with around 2,500 Priority Health members , was compromised by Welltok ’s breach .
Sutter Health , a nonprofit healthcare provider headquarter in Sacramento , alsoconfirmedthat more than 840,000 of its patient role were impacted by the Welltok breach .
St. Bernards , an Arkansas - based healthcare supplier that apply a patient contact - management political program by Welltok , was also regard , the troupe said in astatement . In anearlier filingwith Maine ’s attorney full general , Welltok confirm that the breach impacted almost 90,000 St. Bernards patient .
TechCrunch has asked Welltok for scuttlebutt , but has not received a response at the time of publishing .
concord toresearchers at cybersecurity house Emsisoft , the MOVEit aggregated - hacks — suppose to bethe braggy hacking incident of the yearby the number of individuals sham alone — have impacted more than 2,600 organizations to date , the majority of which are based in the United States .
Emsisoft judge that over 82 million individuals have been impacted so far by the cyberattacks , which have been claim by the notorious Clop ransomware work party . The true number of affected individuals is expected to be significantly higher as more organization come forward .
UPDATE , Nov. 22 , 14:30 p.m. ET : This clause has been updated to admit figures from the U.S. Department of Health and Human Services breach portal .
MOVEit , the biggest jade of the yr , by the act
