Corewell Health reports MOVEit related data breach

Over a million residents in Michigan have been impacted by a data breach reported by Corewell Health. Previously known as Beaumont Health, Corewell is a prominent non-profit health organization based in Michigan, United States. It is one of the largest healthcare providers in the state.

The breach occurred on May 30 due to a cyberattack that exploited vulnerabilities in the MOVEit Transfer server. This server is associated with Welltok, Inc., the software provider responsible for communications services at Corewell Health's properties in southeastern Michigan.

This breach exposed sensitive information of approximately one million patients of Corewell Health, including their:

• names,
• birth dates,
• email addresses,
• phone numbers,
• medical diagnoses,
• health insurance details,
• Social Security numbers.

Additionally, about 2,500 users of the Priority Health healthy lifestyle portal, which is affiliated with Corewell, had their names, addresses, and health insurance ID numbers compromised.

Welltok has begun notifying affected patients whose addresses are on file. However, those who suspect they might be impacted are encouraged to contact Welltok's dedicated assistance line at 800-628-2141. Additionally, individuals can file a complaint with the Michigan Attorney General’s Consumer Protection Team for further assistance and support regarding this breach.