Skip to main content
Medical Record

Stanford Health Care Data Breach Claims | Virgin Pulse | Welltok

Written by Joseph Lyon on . Posted in Data Breach.

The Lyon Firm has filed numerous class action data breach lawsuits in relation to the MOVEit file transfer ransomware attack in May 2023. The investigation continues after notice was sent to millions of individuals with links to Welltok, Virgin Pulse and Stanford Health Care.

Welltok, Inc. has reported a few data breach incidents in recent days, including a leak of personal data relating to group health plans of Stanford Health Care, Lucile Packard Children’s Hospital Stanford, Stanford Health Care Tri-Valley, Stanford Medicine Partners, and Packard Children’s Health Alliance.

What Happened at Stanford Health Care?

On July 26, 2023, Welltok was alerted to a compromise of its MOVEit Transfer server in connection with software vulnerabilities that has upended hundreds of entities and millions of individuals. At the time, Welltok recognized no indication of a data compromise, but launched an investigation with the assistance of experts.

On October 18, 2023, the group health plans of Stanford Health Care, Lucile Packard Children’s Hospital Stanford, Stanford Medicine Partners, and Packard Children’s Health Alliance learned that a large amount of health information may have been leaked in the late May 2023 attack.

The information allegedly subject to unauthorized access included name, address, date of birth, and health information. According to reports, 1.6 million individuals may have had their data leaked, not including the other entities notified by Welltok (Sutter Health and St. Bernards Healthcare).

Following any data theft incident, victims should remain vigilant and look for signs of fraud or identity theft. Medical identity theft is on the rise, and cybercriminals can engage in several fraudulent schemes with just a small amount of personal information. Compensation may be available for plaintiffs in California and nationwide. Contact our data breach lawyers to discuss a possible IT security negligence case against those responsible for the Welltok – MOVEit attack.

The Lyon Firm represents plaintiffs in California and nationwide. We believe very strongly that companies who collect and store sensitive health information and personal data have a duty to protect it with reasonably secure networks. Should they fail to properly secure your data, they may be violating privacy laws and can be held accountable.