(WWJ) - Roughly 1 million Michiganders were impacted after a cyber security breach was discovered at Welltok Inc., a healthcare software-as-a-service company contracted by Corewell Health.
Welltok recently notified over 8 million Americans on behalf of 20 healthcare providers and plans, including Corewell Health, of the data breach stemming from the May 2023 MOVEit hack, stating an unauthorized individual was able to view and exfiltrate sensitive information.
Priority Health -- a Corewell-owned insurance plan -- was also impacted, with data for 2,500 Priority members exposed.
The cyber attack is one of the largest breaches reported to the U.S. Department of Health and Human Services (HHS) so far this year.
According to Welltok, the hackers were able to take advantage of a vulnerability in Progress Software’s MOVEit Transfer server. The company said it immediately patched the vulnerability when it was found on May 31 and made any necessary security upgrades.
While Welltock conducted an examination into the incident, it wasn't until Aug. 11 when a third-party company hired to reconstruct its systems and historical data discovered the breach.
A letter was sent out earlier in November to the 8,493,379 people affected by the massive breach.
“We take this event and the security of personal information in our care very seriously. Upon learning of this event, we moved quickly to investigate and respond to the event and notify potentially affected individuals,” Welltok stated.
Names, addresses, email addresses, and phone numbers, including a small amount of Social Security numbers, health insurance information, and Medicare/Medicaid ID numbers were all reported to have been impacted.
“As part of our ongoing commitment to the security of information, we are reviewing and enhancing our existing policies and procedures related to data privacy to reduce the likelihood of a similar future event," Welltok said.
"While we have no evidence that any of your information has been misused, we are notifying you and providing information and resources to help protect your personal information," Welltok said in a statement.
Welltok opened a dedicated assistance line at 800-628-2141 to help patients who may have questions about the incident.
The company recommended credit monitoring for those affected by the breach.