Welltok Security Breach Exposes Sensitive Data of Over 8 Million US Patients

  • Written by Shipra Sanganeria Cybersecurity & Tech Writer

Welltok, an enterprise SaaS company in the healthcare segment, disclosed a security incident that affected more than 8 million patients in the US. Related to the MOVEit file transfer cyberattack, the incident exposed personal data of patients associated with several US health plan providers.

In late October, Welltok issued a notice revealing that its MOVEit Transfer server was breached on July 26, 2023, despite the company having applied the security patches and updates issued by Progress Software.

Upon discovering the breach, the company, with the assistance of third-party cybersecurity experts, launched an investigation that revealed exfiltration of certain patient data by attackers. The compromised data includes patients’ names, addresses, phone numbers, and email IDs.

The stolen information varies for each person. For some, it includes their Social Security Numbers (SSNs), Medicare/Medicaid ID numbers, or health insurance information, while for others, health information like healthcare provider name, prescription name, or treatment code was exposed.

Healthcare providers like Blue Cross and Blue Shield, Corewell Health, Faith Regional Health Services, The Guthrie Clinic, Sutter Health, and more, based in various states including North Carolina, Kansas, Alabama, Michigan, Minnesota, and Massachusetts, were impacted.

Additionally, member data of the group health plans of Stanford Health Care, Lucile Packard Children’s Hospital Stanford, Stanford Health Care Tri-Valley, Stanford Medicine Partners, and Packard Children’s Health Alliance was also exposed in the incident.

Previously, estimates regarding the number of people impacted varied, as the full list of affected healthcare providers or patients was not disclosed by Welltok. However, the data published on the US Department of Health and Human Services breach portal confirmed that 8,493,379 people were affected in total.

Earlier this year, the zero-day vulnerability (CVE-2023-34362) in Progress Software’s MOVEit file transfer software was exploited by the notorious Cl0p ransomware gang. This attack is said to have affected several corporate and government organizations across the world, resulting in data leaks and ransomware payouts.

Mobile Banking Trojans Target Users in India via IM Apps

  • Written by Shipra Sanganeria Cybersecurity & Tech Writer

Microsoft Threat Intelligence researchers have identified new mobile banking trojan campaigns targeting users in India. Distributed primarily through platforms like WhatsApp and Telegram, they impersonate legitimate entities like banks, utilities, and governments to lure victims into installing the malicious apps on their mobile devices.

Once installed, the fake apps steal sensitive information from the victims, including personal details, payment card information, banking details, and account credentials.

In a recent advisory, Microsoft disclosed a shift in the threat actors’ tactics, tools, and procedures (TTPs). From the usual technique of sharing malicious links, the new campaign focuses on distributing malicious APK files directly to Indian mobile users through instant messaging (IM) apps.

The current investigation focuses on two different fraudulent applications disguised as Indian banking apps.

The first malware, distributed via WhatsApp, is part of a phishing campaign and is disguised as a legitimate bank’s KYC-related (Know Your Customer) application. It’s designed to steal a user’s sensitive information, such as debit card details and bank account credentials. The collected data is then exfiltrated and transmitted to the hacker-controlled command-and-control (C2) server and phone number.

The app can also run undetected in the background, while hiding its icon from the home screen. It even tricks the user into allowing dangerous permissions like launcher activity and “send and receive SMS”.

The second malware involves a fake banking application that tricks users into sharing payment card details, thus exposing users to a financial fraud risk. The targeted information in this instance includes personal details, payment card details, and other financial information. The app also intercepts and steals one-time passwords (OTPs).

The technology giant went on to reveal the existence of similar malicious applications targeting Indian users. “Like the two cases discussed above, these campaigns involve sharing the fraudulent apps through WhatsApp and Telegram, and possibly other social media platforms. Moreover, these campaigns select legitimate and even well-known institutions and services in the region to imitate and lure users into a false sense of security,” Microsoft revealed.

It also advised users to always install apps exclusively from official stores, to stay vigilant and avoid clicking on unknown links, and to use mobile security solutions.