CHI Health Data Breach | Join the MOVEit Class Action Lawsuit
The Lyon Firm is investigating CHI Health data breach claims for plaintiffs nationwide. Our data breach lawyers have filed several complaints relating to the May 2023 MOVEit cyberattack that has impacted thousands of organizations and over 90 million individuals. Contact our legal team to discuss joining the WellTok class action lawsuit.
What Happened at CHI Health?
CommonSpirit Health, or CHI, said in a statement, “WellTok, Inc. is notifying the public of an event that may affect the privacy of certain individuals’ information. Because WellTok is a vendor of CommonSpirit Health, we want to ensure that anyone affected by the WellTok event follows processes to get the help and support they need.”
CommonSpirit stressed that its health system itself was not breached, though patient data may be compromised. CHI Health, along with many other healthcare entities, utilized Welltok as a third party vendor. Welltok describes itself as “a data-driven, enterprise SaaS company that delivers the healthcare industry’s leading consumer activation platform.”
On July 26, 2023, Welltok confirmed that MOVEit transfer software vulnerabilities led to the unauthorized access and theft of a large amount of data that belonged to Welltok and clients. Welltok installed all the recommended Progress Software patches and security upgrades, but to no avail.
The Welltok data breach investigation determined on August 11, 2023 that an unauthorized actor had in fact exploited software vulnerabilities, accessed the MOVEit Transfer server on May 30, 2023, and exfiltrated large troves of data from the server. Welltok then provided notice to impacted individuals on behalf of the following organizations:
- CHI Health – Nebraska
- CHI Memorial
- CHI Mercy Health
- CHI St. Joseph Health
- CHI St. Luke’s
- CHI St. Vincent
CHI (formerly Alegent Health) is a regional healthcare network headquartered in Omaha. In February 2019, parent company CHI merged with Dignity Health, forming CommonSpirit. The combined organization consists of 28 hospitals, two stand-alone behavioral health facilities, and more than 150 employed physician practices in Iowa, Minnesota, Nebraska, and North Dakota.
Every case may be different and it is not clear who has had their personal information used fraudulently by cybercriminals. It is also a possibility that victims will be at risk of medical identity theft and fraudulent schemes. Anyone impacted should begin to take certain measures to protect themselves, including closely monitoring accounts and credit reports. Stay alert and look for any signs of fraud, and contact an attorney to learn more about your legal options.
The Lyon Firm is currently involved in numerous class action data breach lawsuits and has filed claims on behalf of victims nationwide. Join the MOVEit WellTok data breach lawsuit. Contact our attorneys to learn more about the legal process and to see if you qualify for compensation.