Hospital & Medical Foundation of Paris, Inc
Your Personal Info Could Be
Exposed Online After
This Hospital Breach
Breach Description
The breach at the Hospital & Medical Foundation of Paris, Inc., doing business as Horizon Health, was part of a larger cybersecurity incident involving Welltok, Inc., a healthcare SaaS provider. This incident was a consequence of a cyberattack on Welltok’s MOVEit Transfer server, which occurred on July 26, 2023. The attack exploited a zero-day vulnerability in the MOVEit software, leading to the exposure of personal information belonging to nearly 8.5 million patients across the United States, including those associated with Horizon Health in Illinois.
The data compromised in this breach included sensitive patient information such as full names, email addresses, physical addresses, and telephone numbers. For some individuals, more sensitive data such as Social Security Numbers (SSNs), Medicare/Medicaid ID numbers, and specific health insurance information were also exposed. The breach was attributed to the activities of the Clop ransomware gang, which took advantage of the software vulnerability to execute the attack.
Horizon Health was among numerous healthcare providers and organizations affected by this breach, which had a significant impact on institutions in several states, including Minnesota, Alabama, Kansas, North Carolina, Michigan, Nebraska, Illinois, and Massachusetts. The breach at Horizon Health specifically affected 16,598 individuals[4][15].
Welltok responded to the incident by publishing a notice of the data breach and reported the breach to the U.S. Department of Health and Human Services, confirming that 8,493,379 individuals were impacted overall. This incident ranks as the second-largest MOVEit data breach, following the Maximus breach that affected 11 million people[3][7]. Welltok has offered free credit monitoring to all impacted individuals and has resolved the system and security concerns related to the breach[2].
Citations:
- https://www.myhorizonhealth.org/patients-visitors/welltok-breach-2023/
- https://www.cbsnews.com/detroit/news/corewell-health-security-breach-priority-welltok-inc-information-concerns/
- https://www.zzservers.com/massive-welltok-data-breach-confidential-information-of-8-5-million-us-patients-exposed/
- https://www.hipaajournal.com/welltok-data-breach/
- https://www.michigan.gov/ag/news/press-releases/2023/12/01/corewell-health-data-breach-exposes-info-of-one-million-michigan-patients
- https://heimdalsecurity.com/blog/welltok-data-breach-affects-over-8-5-million-patients/
- https://www.bleepingcomputer.com/news/security/welltok-data-breach-exposes-data-of-85-million-us-patients/
- https://ocrportal.hhs.gov/ocr/breach/breach_report.jsf
- https://timesofindia.indiatimes.com/gadgets-news/welltok-hack-exposed-the-personal-data-of-around-8-5-million-patients-in-the-us/articleshow/105474548.cms
- https://kffhealthnews.org/news/hospital-penalties/
- https://www.mlive.com/news/2023/12/national-data-breach-could-affect-1-million-corewell-health-clients-other-health-systems.html
- https://www.myhorizonhealth.org/blog-news/2023/december/horizon-health-a-top-hospital-for-physician-comm/
- https://www.askwoody.com/forums/topic/welltok-data-breach-exposes-data-of-8-5-million-us-patients/
- https://www.linkedin.com/posts/carol-forden_welltok-data-breach-exposes-data-of-85-million-activity-7134191866291392512-69Kd
- https://www.hipaajournal.com/october-2023-healthcare-data-breach-report/