Helpful Articles

Console & Associates, P.C.: Stanford Health Data Breach Investigation Reveals 1.6 Group Health Plan Users Impacted

Throughout November 2023, Welltok, Inc. (Welltok) has filed a series of notices involving compromised health data. Welltok is a healthcare software company that works with many major healthcare systems, such as Stanford Health Group. As of November 17, Welltok informed the Attorney General of Maine that a vulnerability in the MOVEit transfer tool caused a data breach that impacted Stanford Health Group Health Plan members.

According to the Welltok data breach investigation, this leak includes the personal identifiable information (PII) and health information of up to 1.6 million people. If this data breach affected you, you should receive a data breach notification from Welltok. Read it closely, save it for future access, and use the advice from our Guide for Victims of Data Breaches to protect yourself. From there, reach out to a Stanford Health Group Health Plan data breach lawyer for further guidance.

Call 866-778-5500 or send us an email to to set up a free consultation with the law firm of Console & Associates, P.C.

To learn more about the Stanford Health data breach, read our blog here:

What Caused the Welltok Data Breach Affecting Stanford Health Group Health Plans?

According to Welltok's filing, they became aware of a breach potentially impacting their servers on July 26, 2023. It dated back to May 30-31st, 2023, the infamous MOVEit breach associated with ransomware groups such as “Clop.”

While Welltok initially believed it hadn't lost any data from the MOVEit breach,   follow-up Stanford Health data breach investigation revealed otherwise. On August 11, 2023, the company discovered that an unauthorized party had removed many files from their MOVEit server. This included customer's PII and health information, and afflicted the following the following Stanford Health group health plans:

?      Stanford Health Care

?      Stanford Health Care Tri-Valley

?      Stanford Medicine Partners

?      Lucile Packard Children's Hospital Stanford

?      Packard Children's Health Alliance

By November 17, 2023, Welltok had already begun notifying victims of the data they'd lost in the breach. Among other things, these letters document the compromised information and provide related information on the leak.

The leaked information includes name, address, phone number, and medical information. This could lead to targeted calls for scams and other harassment, as well as potential medical fraud. Changing your phone number and reviewing your medical bills closely to dispute any incorrect charges can help you manage the risks involved with this identity theft leak.

More Information About Welltok and Stanford Health

Welltok, Inc. is a healthcare services and support company that provides for many healthcare systems. One of its customers is Stanford Health, which treats more than a million patients each year. Welltok is a subsidiary of Virgin Pulse, a Rhode Island-based healthcare software company with around 2,000 people and an annual revenue close to $400 million.


Virgin Pulse is under Virgin Group, a London-based multinational venture capital conglomerate. The group owns over 40 Virgin companies that are collectively worth more than $3 billion, with around 60,000 employees. Such large organizations should be able to secure your personal data, and they have a duty to.


If our Stanford data breach investigation reveals that negligence from Virgin Pulse or Welltok contributed to the leak, you may be entitled to compensation. Call 866-778-5500 or send us an email to to schedule a free consultation and begin on your path to justice.

About the Author
Richard Console
Posted - 11/22/2023