WellLife Network reports cyber attack, data breach

On November 6, 2023, WellLife Network, Inc. ("WellLife") reported a security incident potentially affecting personal information. The WellLife Network is a nonprofit organization that provides an array of services to support individuals with disabilities, mental illness, and addiction in achieving their personal goals for health, recovery, wellness, and independence within the community

The company detected suspicious activities within its network on September 7, 2023, and immediate investigative and remedial actions were undertaken with external cybersecurity experts. The preliminary findings suggest that from August 26, 2023, to September 7, 2023, an unauthorized party accessed WellLife systems, possibly obtaining or viewing sensitive information.

The types of personal information that may have been compromised include

• names,
• birth dates,
• demographic and health details,

The full details will be confirmed once the review is complete. WellLife has not disclosed the number of affected individuals, as they are examining the data to identify whose information was affected.

The company will directly notify those impacted once it ascertains their identities and contact details. Meanwhile, notices have been sent to the U.S. Department of Health and Human Services, Office for Civil Rights, and necessary state regulators.

Update - as of 29th August 2024, WellLife Network sent out data breach letters to anyone who was affected by the incident. WellLife has not disclosed the nature of the attack or number of affected individuals. It's not clear why the formal notification comes almost a year months after the breach.

WellLife advises individuals to monitor their accounts and credit reports for any unusual activities and to report any suspicious transactions. They have also provided steps for individuals to protect their information, including how to obtain free credit reports, set up fraud alerts, and place credit freezes on their files.