Heimdal

Welltok, a Healthcare SaaS provider, has issued a warning about a significant data breach that compromised the personal information of nearly 8.5 million patients in the U.S. This breach occurred due to a cyberattack on a file transfer program used by the company.

Earlier in the year, the breach was traced back to an exploit by the Clop ransomware group, which leveraged a zero-day vulnerability in the MOVEit software, affecting thousands of organizations worldwide.

This led to widespread extortion attempts and data leaks impacting over 77 million individuals.

What type of data was compromised?

In the incident, sensitive patient data was exposed, including:

  • full names
  • email and physical addresses
  • telephone numbers
  • for some patients, the breach also compromised Social Security Numbers (SSNs), Medicare/Medicaid IDs, and certain health insurance information.

The breach had an impact on institutions in several states, including Minnesota, Alabama, Kansas, North Carolina, Michigan, Nebraska, Illinois, and Massachusetts, with the following healthcare providers reportedly affected:

  • Blue Cross and Blue Shield of Minnesota and Blue Plus
  • Blue Cross and Blue Shield of Alabama
  • Blue Cross and Blue Shield of Kansas
  • Blue Cross and Blue Shield of North Carolina
  • Corewell Health
  • Faith Regional Health Services
  • Hospital & Medical Foundation of Paris, Inc. dba Horizon Health
  • Mass General Brigham Health Plan
  • Priority Health
  • St. Bernards Healthcare
  • Sutter Health
  • Trane Technologies Company LLC and/or group health plans sponsored by Trane Technologies Company LLC or Trane U.S. Inc.
  • The group health plans of Stanford Health Care, Lucile Packard Children’s Hospital Stanford, Stanford Health Care Tri-Valley, Stanford Medicine Partners, and Packard Children’s Health Alliance
  • The Guthrie Clinic

Welltok’s response and industry implications

In late October, Welltok issued a statement regarding a data breach, indicating that their MOVEit Transfer server was compromised on July 26, 2023.

The breach happened even though the company promptly implemented the security patches provided by the software vendor. The initial estimations of the number of affected individuals were uncertain, as Welltok did not immediately release this information, explains Bleeping Computer.

Welltok reported the breach to the U.S. Department of Health and Human Services, revealing that 8,493,379 individuals were affected.

This makes the Welltok incident the second-largest MOVEit data breach, surpassed only by the Maximus breach, which affected 11 million people.

Safeguarding Your Company Against Zero-Day Attacks

Zero-day vulnerabilities pose serious security risks, exposing you to zero-day attacks that can damage your computer or personal data. To keep both safe, implement proactive as well as reactive security measures.

  • The first step in preventing potential exploits is patching. It is soon followed by traffic filtering and scanning, both of which prevent communication with command and control servers.
  • When a zero-day vulnerability is disclosed, most software vendors work quickly to patch it, so make sure to look for a solution.
  • Applying software patches as soon as they are made available reduces the exploit window and aids in the prevention of zero-day attacks. Using an automated patch management solution can help you streamline your patching process and improve your vulnerability management efforts.

Author Profile

Madalina Popovici

Digital PR Specialist

Madalina, a seasoned digital content creator at Heimdal®, blends her passion for cybersecurity with an 8-year background in PR & CSR consultancy. Skilled in making complex cyber topics accessible, she bridges the gap between cyber experts and the wider audience with finesse.
