Corewell Health, Priority Health patient data hacked in online breach

FILE - A Cyber Security application logo is displayed on a smartphone screen. (Photo Illustration by Avishek Das/SOPA Images/LightRocket via Getty Images)

Corewell Health data was hacked, exposing about 1 million patients and 2,500 Priority Health patients impacted, according to a report from Welltok, Inc.

According to Corewell no fraudulent activity was detected and that letters have been sent to patients regarding the situation. Welltok is a patient communication service for Corewell and a healthy lifestyle portal for Priority Health.

"Welltok officials say their system and security concerns are resolved, and they are not aware of any instances of fraud or identity theft arising from the event," Corwell said in a release.

Corewell officials say the following information was accessed:

Corewell Health patients: Name, date of birth, email address, phone number, diagnosis, health insurance information and Social Security number

Priority Health members: Name, address and health insurance identification number

Welltok is offering free credit monitoring to everyone impacted. For more information, the dedicated assistance line at 800-628-2141.

On July 26, 2023, Welltok was alerted to an earlier alleged compromise of our MOVEit Transfer server in connection with software vulnerabilities made public by the developer of the MOVEit Transfer tool.

"Welltok had previously installed all published patches and security upgrades immediately upon such patches being made available by Progress Software, the developer of the MOVEit Transfer tool," Welltok said in a release. "Welltok also conducted an examination of our systems and networks using all information available to determine the potential impact of the vulnerabilities we were alerted to on the MOVEit Transfer server and the security of data housed on the server, and confirmed that there was no indication of any compromise at that time.

Welltok said an investigation determined that August 11, 2023 that an "unauthorized actor" exploited software vulnerabilities, accessed the MOVEit Transfer server on May 30, 2023, and exfiltrated certain data from the MOVEit Transfer server during that time.

On Aug. 26, 2023, Welltok learned that data related to certain individuals was present on the impacted server at the time of the event.

The following health and insurance networks were impacted:

  • Asuris Northwest Health
  • BridgeSpan Health
  • Blue Cross and Blue Shield of Minnesota and Blue Plus
  • Blue Cross and Blue Shield of Alabama
  • Blue Cross and Blue Shield of Kansas
  • Blue Cross and Blue Shield of North Carolina
  • Corewell Health
  • Faith Regional Health Services
  • Hospital & Medical Foundation of Paris, Inc. dba Horizon Health
  • Mass General Brigham Health Plan
  • Priority Health
  • Regence BlueCross BlueShield of Oregon
  • Regence BlueShield
  • Regence BlueCross BlueShield of Utah
  • Regence Blue Shield of Idaho
  • St. Bernards Healthcare
  • Sutter Health
  • Trane Technologies Company LLC and/or group health plans sponsored by Trane Technologies Company LLC or Trane U.S. Inc.
  • The group health plans of Stanford Health Care, of Stanford Health Care, Lucile Packard Children’s Hospital Stanford, Stanford Health Care Tri-Valley, Stanford Medicine Partners, and Packard Children’s Health Alliance
  • The Guthrie Clinic 
Michigan