Welltok, Inc., operating under Virgin Pulse, disclosed a substantial data breach impacting St. Bernards Healthcare, involving unauthorized access to sensitive consumer information. The breach, reported to the Attorney General of Maine on November 13, 2023, compromised a wide array of personal data, including names, Social Security numbers, dates of birth, health insurance details, medical record numbers, provider information, and treatment records.
Welltok, an online platform facilitating critical healthcare communications for professionals and utilized by St. Bernards, became aware of a compromise in its MOVEit server on July 26, 2023. Despite previous installations of patches and security upgrades, an initial investigation did not reveal unauthorized access.
However, a subsequent investigation on August 11, 2023, unveiled unauthorized access to the MOVEit server on May 30, 2023, leading to the removal of specific data, notably affecting patients of St. Bernards. On September 14, 2023, Welltok notified St. Bernards about the extensive breach.
Following the incident, Welltok conducted a comprehensive review of compromised files to identify affected individuals and ascertain the breached information, encompassing a broad spectrum of sensitive data specific to patients’ healthcare records.
The data breach notification letters sent on November 13, 2023, contain details of the compromised information for affected individuals.
Welltok, Inc., a subsidiary of Virgin Pulse, operates in the healthcare services sector. Virgin Pulse, a healthcare software company headquartered in Providence, Rhode Island, is partially owned by Virgin Group, a multinational venture capital conglomerate based in London, England. With approximately 2,000 employees, Virgin Pulse generates an annual revenue of approximately $385 million.
