Nearly 8.5M hit by MOVEit hack against Welltok

Almost 8.5 million individuals across the U.S. had their personal data compromised after Denver-based patient engagement firm Welltok had its MOVEit file transfer system subjected to a widespread hack by the Cl0p ransomware operation, BleepingComputer reports. Welltok disclosed that its MOVEit Transfer server was breached in late July even after the immediate implementation of vendor-issued software patches, resulting in the exfiltration of information, including patients' full names, physical and email addresses, phone numbers, Social Security numbers, Medicare or Medicaid ID numbers, and some health insurance data. Aside from Stanford Health Care, Stanford Health Care Tri-Valley, Stanford Medicine Partners, Lucile Packard Children's Hospital Stanford, Packard Children's Health Alliance, and Corewell Health, the Welltok breach has been confirmed to affect Blue Cross and Blue Shield of Minnesota and Blue Plus, Blue Cross and Blue Shield of North Carolina, Blue Cross and Blue Shield of Kansas, Blue Cross and Blue Shield of Alabama, and Mass General Brigham Health Plan, among others.