Welltok Data Breach: 8,493,379 Individuals Affected

Patient engagement firm, Welltok, owned by Virgin Pulse, has confirmed it was a victim of the Clop hacking group, resulting in a data breach affecting over eight million individuals. The Clop group exploited a zero-day vulnerability (CVE-2023-34362) in Progress Software’s MOVEit Transfer file transfer tool in May 2023. Welltok used the MOVEit Transfer tool to transfer large datasets across the internet as part of its services to health plans.