CHI Mercy Health reports MOVEit related data breach
Learn More
CHI Mercy Health has reported a significant data breach earlier this year caused by a security compromise at Welltok, Inc., a Software as a Service company utilized by Mercy's parent organization.
Welltok manages an online platform for contract management, specifically designed for healthcare clients like CHI Mercy Health. This platform is used to send notices and communications to patients and members. A server at Welltok, responsible for storing patient's private data, was breached. The breach was first suspected by Welltok on July 26, when they noticed a potential unauthorized access to their MOVEit Transfer server, which occurred in May.
Investigations by Welltok, concluded on August 11, revealed that an unauthorized entity had exploited software vulnerabilities to access the MOVEit Transfer server and extracted certain data. The breach compromised various types of data, including:
- names,
- addresses,
- phone numbers,
- email addresses.
- social security numbers,
- medicare/medicaid ID numbers,
- specific health insurance details like plan or group names,
- health information,
- prescription names,
- treatment details.
The exact number of CHI Mercy Medical Center patients affected by this breach remains unclear.
Despite this breach, Welltok has reported no evidence of actual fraud or misuse of the exposed information. Welltok is offering access to a 12-month Experian Identity Works credit monitoring service and instructions on obtaining a free annual credit report from each credit reporting bureau.
