CHI St. Alexius reports MOVEit related data breach

A substantial data breach has impacted patients of CHI St. Alexius, with those affected being informed through correspondence sent by Welltok, Inc.

Welltok is a third-party service provider involved in the incident. This breach was first identified by Welltok at the end of July, revealing that it occurred over the summer months. On November 7, Welltok disclosed the full scale of the breach to St. Alexius.

The breach stems from hackers exploiting a weakness in the MOVEit file transfer tool used by Welltok. This security lapse led to the unauthorized access of sensitive patient data, including names, addresses, and insurance details.

CHI St. Alexius had previously encountered a separate data breach about a year prior, affecting nearly 620,000 individuals, as reported by the HIPAA Journal.

In response to the recent breach, CHI released a statement clarifying that the notification of the breach is being conducted by Welltok, Inc. and not by CommonSpirit Health, its parent organization. CHI aims to ensure that all affected individuals receive the necessary assistance and support.

Welltok has stated that there is no current evidence of the misused stolen data. As a precaution and to assist those affected, the company is offering one year of credit monitoring services.