St. Bernards Healthcare, Inc., a leading healthcare provider, is grappling with a significant security breach that has compromised patient data, raising concerns about the privacy and security of sensitive information. The breach, occurring through vulnerabilities in the MOVEit Transfer tool, was publicly disclosed by Progress Software Corp. on May 31, 2023, and subsequently in June 2023. St. Bernards Healthcare had enlisted Welltok, Inc. to provide an online contact-management platform through its subsidiary, Tea Leaves Health, LLC.
In response to the disclosed vulnerabilities, Welltok, Inc. swiftly took action by applying available patches and implementing recommended mitigation steps to secure the MOVEit Transfer tool. The company launched an internal investigation, collaborating with third-party cybersecurity specialists to assess the potential impact on the security of data housed on the MOVEit Transfer server.
The investigation revealed that an unknown actor had exploited the vulnerabilities, gaining unauthorized access to the MOVEit Transfer server between May 30, 2023, and May 31, 2023. During this breach, certain patient data was exfiltrated from the server. Welltok, Inc. engaged in a meticulous review of the stored data to comprehend its contents and identify the affected individuals.
On September 14, 2023, Welltok, Inc. notified St. Bernards Healthcare, Inc. of the breach, prompting immediate action to address the situation. Patient data potentially accessed by the unknown actor includes names, addresses, dates of birth, social security numbers, email addresses, phone numbers, patient identification numbers, health insurance information, provider names, and medical treatment or diagnosis details.
In response to the breach, Welltok, Inc. has assured St. Bernards Healthcare, Inc. that it is actively reviewing and enhancing existing policies and procedures related to data privacy to mitigate the likelihood of similar incidents in the future.
To assist affected patients, St. Bernards Healthcare, Inc., in collaboration with Welltok, Inc., will initiate notifications by mail on November 13, 2023. The healthcare provider is offering post-incident support, including twenty-four months of complimentary credit monitoring and identity theft protection services provided by Experian for all affected patients. Patients are encouraged to carefully review their account statements, explanation of benefit forms, and monitor free credit reports for any suspicious activity.
For additional information and support, a dedicated toll-free inquiry line has been established by Welltok, Inc. on behalf of St. Bernards Healthcare, Inc. Potentially affected individuals can contact the line at 1-800-628-2141. The inquiry line is operational from 8 a.m. to 10 p.m. Central Time, Monday through Friday, and from 10 a.m. to 7 p.m. Central Time on Saturday and Sunday, excluding major U.S. holidays. The organizations are committed to providing assistance and transparency as affected individuals navigate the aftermath of this security breach.