Please do not leave this page until complete. This can take a few moments.
More than 800,000 Connecticut residents had their personal information compromised during a data breach of an online wellness program used by health care providers and businesses, including some Connecticut health systems.
Officials at Welltok, based in Denver, Co., notified companies using the program in September of the breach. On Dec. 22, the company began providing written notice to people whose data may have been compromised. That includes 847,356 Connecticut residents, a lawyer for Welltok wrote in a letter to the state Attorney General’s Office.
The breach appeared to take place earlier in the year through a tool Welltok uses called MOVEit.
“On July 26, 2023, Welltok was alerted to an earlier alleged compromise of its MOVEit Transfer server in connection with software vulnerabilities made public by the developer of the MOVEit Transfer tool,” Rebecca Jones, an attorney for WellTok, wrote in a Dec. 22 letter to the Attorney General. “Welltok had previously installed all published patches and security upgrades immediately upon such patches being made available by Progress Software, the maker of the MOVEit Transfer tool.
“After a full reconstruction of its systems and historical data, the investigation determined on August 11, 2023, that an unknown actor exploited software vulnerabilities, accessed the MOVEit Transfer server on May 30, 2023, and exfiltrated certain data from the MOVEit Transfer server during that time. Welltok subsequently undertook an exhaustive and detailed reconstruction and review of the data stored on the server at the time of this incident … Since then, Welltok has been coordinating efforts with the impacted data owner(s) to review and verify the affected information and provide direct notice to impacted individuals.”
Information that may have been breached included names, birth dates, Social Security numbers, treatment information/diagnoses, provider names, patient IDs, health insurance information, and treatment cost information, Jones wrote.
Welltok offered credit monitoring services for 12 to 24 months, depending on state law requirements, through Experian, to people whose personal information may have been impacted, Jones wrote. She could not immediately be reached for comment.
Yale New Haven Health was one of the systems affected by the breach. In late December, Welltok notified Yale patients whose data was compromised.
“Yale New Haven Health was recently made aware that one of our outside vendors had been subject to a data breach,” said Dana Marnane, a spokeswoman for YNHH. “Welltok, a provider of customer relationship management tools, determined that an unauthorized third party had accessed data from MOVEit – a file transfer program they utilize. The MOVEit breach has unfortunately affected millions of people at companies around the world. In the case of YNHHS data, no personal financial information such as bank account, social security number nor credit card information was accessed. Welltok is notifying all those impacted and offering free credit monitoring services.”
Marnane did not say how many people in YNHH’s network were affected.
In a letter to Yale New Haven Health patients, Welltok wrote: “On October 25, 2023, Yale New Haven Health learned the scope of the data present on the impacted server at the time of the event. Since then, we have been coordinating efforts with Yale New Haven Health to review and verify the affected information and provide direct notice to impact individuals. … The information contained in the affected files included your name and [patient] ID, date of birth, health insurance information, provider name, treatment cost information, and treatment information or diagnosis. Your Social Security Number and financial information were not affected as a result of this incident.”
The data breach affected dozens of companies across the country, including Blue Cross and Blue Shield of Minnesota and Blue Plus, Blue Cross and Blue Shield of Alabama, Blue Cross and Blue Shield of Kansas, Centerwell Pharmacy, Health Insurance Plan of Greater New York, Holzer Health System, Horizon Blue Cross Blue Shield of New Jersey, Humana Inc., Mass General Brigham Health Plan, Priority Health, and Trinity Health, among others.
This special edition informs and connects businesses with nonprofit organizations that are aligned with what they care about. Each nonprofit profile provides a crisp snapshot of the organization’s mission, goals, area of service, giving and volunteer opportunities and board leadership.
Learn moreHartford Business Journal provides the top coverage of news, trends, data, politics and personalities of the area’s business community. Get the news and information you need from the award-winning writers at HBJ. Don’t miss out - subscribe today.
SubscribeDelivering Vital Marketplace Content and Context to Senior Decision Makers Throughout Greater Hartford and the State ... All Year Long!
Read HereThis special edition informs and connects businesses with nonprofit organizations that are aligned with what they care about. Each nonprofit profile provides a crisp snapshot of the organization’s mission, goals, area of service, giving and volunteer opportunities and board leadership.
Hartford Business Journal provides the top coverage of news, trends, data, politics and personalities of the area’s business community. Get the news and information you need from the award-winning writers at HBJ. Don’t miss out - subscribe today.
Delivering Vital Marketplace Content and Context to Senior Decision Makers Throughout Greater Hartford and the State ... All Year Long!
In order to use this feature, we need some information from you. You can also login or register for a free account.
By clicking submit you are agreeing to our cookie usage and Privacy Policy
Already have an account? Login
Already have an account? Login
Want to create an account? Register
In order to use this feature, we need some information from you. You can also login or register for a free account.
By clicking submit you are agreeing to our cookie usage and Privacy Policy
Already have an account? Login
Already have an account? Login
Want to create an account? Register
This website uses cookies to ensure you get the best experience on our website. Our privacy policy
To ensure the best experience on our website, articles cannot be read without allowing cookies. Please allow cookies to continue reading. Our privacy policy
0 Comments