healthcare data breach

Healthcare Hacks: Welltok and Ardent Take the Spotlight

In the past few days, we’ve learned about two major cyber attacks that have disrupted healthcare operations and affected millions of patients.

  • Welltok, Inc., a patient communication services provider based in Denver, is another victim of the massive MOVEit data breach. Although the hack was initially reported in July, the Welltok breach was recently posted on the HHS Office for Civil Rights (OCR) breach reporting website, noting that 8,493,379 patients were affected.
  • Ardent Health Services, based in Nashville, operates dozens of hospitals and other healthcare facilities in several states. On Monday, it said it is dealing with a ransomware attack that has forced emergency room patient diversions and other service interruptions.


In late October, Welltok explained that it began an investigation of the MOVEit data breach in July after receiving notice that its server may have been compromised. Welltok is a third-party vendor and HIPAA business associate providing patient communication services to health plans and other healthcare organizations nationwide.

Welltok discovered that patient data exposed during the breach included name and address, telephone number, and email address. For some, it included Social Security Numbers (SSNs), Medicare/Medicaid ID numbers, and certain Health Insurance information. Certain health information, such as a provider name, prescription name, or treatment code, may have been included for other individuals.

The OCR breach reporting website shows that Welltok’s MOVEit hacking incident is the fourth-largest of about 606 major health data breaches reported to U.S. federal regulators so far in 2023.

Ardent Health Services

This ransomware attack is the latest in a string of attacks that resulted in ambulance diversions and service interruptions.

Ardent operates 30 hospitals and over 200 healthcare sites in six states – Texas, Oklahoma, Kansas, Idaho, New Mexico, and New Jersey.

Not much is known about this incident yet. Ardent published a notice yesterday and explained that it had discovered the cyber attack on November 23; Ardent notified law enforcement and began an investigation.

In the interim, while this incident results in temporary disruption to certain aspects of Ardent’s clinical and financial operations, patient care continues to be delivered safely and effectively in its hospitals, emergency rooms, and clinics. In an abundance of caution, our facilities are rescheduling some non-emergent, elective procedures and diverting some emergency room patients to other area hospitals until systems are back online.

The investigation and restoration of access to electronic medical records and other clinical systems is ongoing. Ardent is still determining the full impact of this event and it is too soon to know how long this will take or what data may be involved in this incident.

Follow the HIPAA Security Rule for the Best Protection Against Cybercrime

The Security Rule Checklist in The HIPAA E-Tool® provides all the questions you need to answer to complete a thorough HIPAA Risk Analysis. Drawn from the Security Rule and NIST, the Checklist helps you honestly evaluate your current set-up and guides you to the recognized security solutions you need to reduce exposure to ransomware and other cyber crimes that endanger patient data.

Share This Post

Maggie Hales

Maggie Hales is a lawyer focusing on health information privacy and security. As CEO of ET&C Group LLC she advises health care providers and business associates in 36 states, Canada, Egypt, India and the EU, using The HIPAA E-Tool® to deliver up to date policies, forms and training on everything related to HIPAA compliance.

Copyright © 2024 ET&C Group LLC.

The HIPAA E-Tool® and Protecting Patient Privacy is Our Job®
are registered trademarks of ET&C Group LLC

Terms of Use | Privacy Policy | Cookies Policy | Privacy Settings | HTML/XML Sitemap

Mailing Address
The HIPAA E-Tool
PO Box 179104
St. Louis, MO 63117-9104

8820 Ladue Road Suite 200
St. Louis, MO 63124

Powered by JEMSU