Centra Care

The CentraCare data breach resulted from the Cl0p ransomware group's exploitation of a zero-day vulnerability in Progress Software's MOVEit Transfer platform. This vulnerability allowed unauthorized access to Welltok Inc., a third-party vendor managing patient communications for CentraCare through its subsidiary, Tea Leaves Health LLC. The breach exposed sensitive personal information, including names, addresses, dates of birth, Social Security numbers, email addresses, phone numbers, insurance details, provider information, and medical diagnoses linked to ICD codes.

Data Included in the Breach