In July of 2023, Welltok was alerted to a data breach affected by MOVEit Transfer software.
After a full reconstruction of its systems and historical data, the investigation determined on August 11, 2023, that an unknown actor exploited software vulnerabilities, accessed the MOVEit Transfer server on May 30, 2023, and exfiltrated certain data from the MOVEit Transfer server during that time. The company deployed a patch on May 31, 2023.
The information that could have been subject to unauthorized access includes name, date of birth, Social Security number, treatment information/diagnosis, provider name, MRN/ patient ID, health insurance information and treatment cost information.