Healthcare SaaS provider Welltok has disclosed a data breach that has compromised the personal information of nearly 8.5 million patients in the United States.
The breach occurred when a file transfer program used by the company was compromised by hackers.
The company’s initial estimates regarding the number of affected individuals varied as it took time to fully ascertain the extent of the breach. However, it has now been confirmed through the U.S. Department of Health and Human Services breach portal that 8,493,379 individuals have been impacted. This makes the Welltok breach the second largest MOVEit data breach, surpassing the breach involving services contractor Maximus, which affected 11 million people.
The exposed data includes a wide range of personal information, such as names, addresses, dates of birth, Social Security numbers, medical diagnoses, and medication histories. This sensitive information could be used for identity theft, financial fraud, or other malicious purposes.
The company has notified affected individuals and is offering them credit monitoring and identity theft protection services.
