Patient information may have been compromised at Corewell Health as the communications software company the organization uses was hit by the massive MOVEit breach that affected companies around the U.S.
Welltok offers patient communication services to Grand Rapids and Southfield, Mich.-based Corewell Health and operates a wellness portal for Priority Health, the health system's health plan.
According to a Nov. 17 breach notification from Corewell, the health records of around 1 million patients and approximately 2,500 Priority Health members were affected by the breach on Welltok.
Names, dates of birth, email addresses, phone numbers, diagnosis, health insurance information and Social Security numbers may have been compromised at Corewell. Names, addresses and health insurance identification numbers may have been compromised at Priority, according to the notification.
The attack on Welltok occurred in May due to hackers accessing the MOVEit file transfer software from Progress Software.
Welltok is offering free credit monitoring for all those affected.