WelbeHealth and Cognisight are informing you of an incident involving the personal information of some of our current and past participants related to services provided by Cognisight. Cognisight is a WelbeHealth vendor that provides administrative services in support of the WelbeHealth program.
No WelbeHealth systems were compromised. We are not aware of any reports of improper use of WelbeHealth participant information. We want to make sure you know what happened and have resources to help keep your data safe.
The incident was caused by a security vulnerability in MOVEit software, a third-party application used by Cognisight that enables file transfers. Thousands of individuals around the globe were impacted by the MOVEit vulnerability.
We are providing this information so you can understand more about what happened and how it is being addressed. We also want to inform you of steps you can take to help keep your data safe.
What happened?
On May 31, 2023, Cognisight was notified of a vulnerability in MOVEit software. Cognisight immediately stopped using MOVEit software and began conducting an investigation. On June 5, 2023, Cognisight determined that files were taken. Cognisight has since determined that those files contained personal information of some current and former WelbeHealth participants.
How did Cognisight respond?
Cognisight stopped access to the MOVEit service, securely restored their servers from backups, and applied the patches provided by the MOVEit software provider, Progress. Cognisight reviewed all files to identify anyone whose personal information may have been affected. Cognisight is mailing letters to any impacted individual for whom there is contact information with more information about the incident, and resources available to them, such as credit monitoring and identity restoration services provided at no cost.
What information is involved?
The information may include the following:
- Name and date of birth
- Social security number
- Medicare Beneficiary Identifier (MBI) or Medicaid number
- Medical history/notes (including account numbers, diagnoses, dates of service, treatments, etc.)
- Healthcare provider and prescription information
What can you do?
If you receive a letter from Cognisight informing you that your personal information was involved in this incident, you should follow the steps outlined in that letter. In general, the following steps can help keep your data safe:
- Monitor your accounts.
Review bank and insurance statements for any unusual activity. Report anything suspicious.
- Place fraud alerts.
Place fraud alerts with major credit bureaus to make it harder for anyone to open new accounts using your information.
- Be careful of emails and phone calls from people you don’t know.
Do not provide information or click on links unless you know it is safe.
- Sign up for credit monitoring services.
No-cost benefits may be available through Cognisight.
For more information
We take the privacy of your health information very seriously. We apologize for the inconvenience this incident may cause.
For questions or concerns or to determine whether your information was impacted, please call 1-800-405-6108 Monday through Friday from 8:00 am to 8:00 pm Eastern, excluding holidays.
