What happened in the Welltok data breach?
Twingate Team
•
May 23, 2024
In May 2023, healthcare software company Welltok experienced a data breach due to the MOVEit hack. The breach impacted millions of individuals and affected customers across the country.
How many accounts were compromised?
The breach impacted data related to approximately 8.5 million individuals.
What data was leaked?
The data exposed in the breach encompassed personal information such as names, addresses, and contact details, along with sensitive data including Social Security numbers and health insurance information.
How was Welltok hacked?
The breach occurred when the Clop hacking group exploited a zero-day vulnerability (CVE-2023-34362) in Progress Software's MOVEit Transfer tool, which Welltok used for transferring large datasets. By exploiting this vulnerability, the hackers gained unauthorized access to Welltok's server and exfiltrated sensitive data, impacting millions of individuals.
Welltok's solution
In response to the hack, Welltok took several measures to secure its platform and prevent future incidents. The company applied the patch and mitigations recommended by Progress Software after being notified of the vulnerability. Welltok is also reviewing and enhancing its existing policies and procedures related to data privacy to reduce the likelihood of a similar future event.
How do I know if I was affected?
Welltok has notified customers believed to be affected by the breach. If you're a Welltok customer and haven't received a notification, you may visit Have I Been Pwned to check your credentials.
What should affected users do?
In general, affected users should:
Change Your Password: Immediately update your password for the breached account. Make sure the new password is strong and unique, not previously used on any other platform.
Reset Passwords for Other Accounts: If you've used the same or similar passwords for other online accounts, reset those as well. This is crucial as attackers often try using stolen passwords on multiple sites.
Enable Two-Factor Authentication (2FA): Activate 2FA on the breached account and any other important online accounts. Consider enabling this additional security feature to significantly reduce the risk of unauthorized access.
Monitor Your Accounts: Keep an eye on your accounts for any suspicious activity and report it immediately to the respective platform or service provider.
For more specific help and instructions related to Welltok's data breach, please contact Welltok directly.
Where can I go to learn more?
If you want to find more information on the Welltok data breach, check out the following news articles:
Rapidly implement a modern Zero Trust network that is more secure and maintainable than VPNs.
What happened in the Welltok data breach?
Twingate Team
•
May 23, 2024
In May 2023, healthcare software company Welltok experienced a data breach due to the MOVEit hack. The breach impacted millions of individuals and affected customers across the country.
How many accounts were compromised?
The breach impacted data related to approximately 8.5 million individuals.
What data was leaked?
The data exposed in the breach encompassed personal information such as names, addresses, and contact details, along with sensitive data including Social Security numbers and health insurance information.
How was Welltok hacked?
The breach occurred when the Clop hacking group exploited a zero-day vulnerability (CVE-2023-34362) in Progress Software's MOVEit Transfer tool, which Welltok used for transferring large datasets. By exploiting this vulnerability, the hackers gained unauthorized access to Welltok's server and exfiltrated sensitive data, impacting millions of individuals.
Welltok's solution
In response to the hack, Welltok took several measures to secure its platform and prevent future incidents. The company applied the patch and mitigations recommended by Progress Software after being notified of the vulnerability. Welltok is also reviewing and enhancing its existing policies and procedures related to data privacy to reduce the likelihood of a similar future event.
How do I know if I was affected?
Welltok has notified customers believed to be affected by the breach. If you're a Welltok customer and haven't received a notification, you may visit Have I Been Pwned to check your credentials.
What should affected users do?
In general, affected users should:
Change Your Password: Immediately update your password for the breached account. Make sure the new password is strong and unique, not previously used on any other platform.
Reset Passwords for Other Accounts: If you've used the same or similar passwords for other online accounts, reset those as well. This is crucial as attackers often try using stolen passwords on multiple sites.
Enable Two-Factor Authentication (2FA): Activate 2FA on the breached account and any other important online accounts. Consider enabling this additional security feature to significantly reduce the risk of unauthorized access.
Monitor Your Accounts: Keep an eye on your accounts for any suspicious activity and report it immediately to the respective platform or service provider.
For more specific help and instructions related to Welltok's data breach, please contact Welltok directly.
Where can I go to learn more?
If you want to find more information on the Welltok data breach, check out the following news articles:
Rapidly implement a modern Zero Trust network that is more secure and maintainable than VPNs.
What happened in the Welltok data breach?
Twingate Team
•
May 23, 2024
In May 2023, healthcare software company Welltok experienced a data breach due to the MOVEit hack. The breach impacted millions of individuals and affected customers across the country.
How many accounts were compromised?
The breach impacted data related to approximately 8.5 million individuals.
What data was leaked?
The data exposed in the breach encompassed personal information such as names, addresses, and contact details, along with sensitive data including Social Security numbers and health insurance information.
How was Welltok hacked?
The breach occurred when the Clop hacking group exploited a zero-day vulnerability (CVE-2023-34362) in Progress Software's MOVEit Transfer tool, which Welltok used for transferring large datasets. By exploiting this vulnerability, the hackers gained unauthorized access to Welltok's server and exfiltrated sensitive data, impacting millions of individuals.
Welltok's solution
In response to the hack, Welltok took several measures to secure its platform and prevent future incidents. The company applied the patch and mitigations recommended by Progress Software after being notified of the vulnerability. Welltok is also reviewing and enhancing its existing policies and procedures related to data privacy to reduce the likelihood of a similar future event.
How do I know if I was affected?
Welltok has notified customers believed to be affected by the breach. If you're a Welltok customer and haven't received a notification, you may visit Have I Been Pwned to check your credentials.
What should affected users do?
In general, affected users should:
Change Your Password: Immediately update your password for the breached account. Make sure the new password is strong and unique, not previously used on any other platform.
Reset Passwords for Other Accounts: If you've used the same or similar passwords for other online accounts, reset those as well. This is crucial as attackers often try using stolen passwords on multiple sites.
Enable Two-Factor Authentication (2FA): Activate 2FA on the breached account and any other important online accounts. Consider enabling this additional security feature to significantly reduce the risk of unauthorized access.
Monitor Your Accounts: Keep an eye on your accounts for any suspicious activity and report it immediately to the respective platform or service provider.
For more specific help and instructions related to Welltok's data breach, please contact Welltok directly.
Where can I go to learn more?
If you want to find more information on the Welltok data breach, check out the following news articles:
Solutions
Solutions
The VPN replacement your workforce will love.
Solutions