Welltok provides data-driven health activation solutions. The company develops a consumer activation platform offering enrichment, patientology, physicianology, and more. It offers services to pharmacies, employers, and more. The company was founded in 2009 and is based in Denver, Colorado. In October 2021, Welltok was acquired by Virgin Pulse.
Welltok's Products & Differentiators
Data-driven, personalized action plan that includes a dynamic set of activities, resources, and content designed for each individual. Includes integrated rewards to incentivize employees to engage in key programs, while providing administrators flexible rule configuration and fulfillment options.
Research containing Welltok
Get data-driven expert analysis from the CB Insights Intelligence Unit.
CB Insights Intelligence Analysts have mentioned Welltok in 3 CB Insights research briefs, most recently on Dec 13, 2022.
Expert Collections containing Welltok
Expert Collections are analyst-curated lists that highlight the companies you need to know in the most important technology spaces.
Welltok is included in 5 Expert Collections, including Conference Exhibitors.
HLTH is a healthcare event bringing together startups and large companies from pharma, health insurance, business intelligence, and more to discuss the shifting landscape of healthcare
We define wellness tech as companies developing technology to help consumers improve their physical, mental, and social well-being. Companies in this collection play across a wide range of categories, including food and beverage, fitness, personal care, and corporate wellness.
Tech IPO Pipeline
Companies developing artificial intelligence solutions, including cross-industry applications, industry-specific products, and AI infrastructure solutions.
The digital health collection includes vendors developing software, platforms, sensor & robotic hardware, health data infrastructure, and tech-enabled services in healthcare. The list excludes pureplay pharma/biopharma, sequencing instruments, gene editing, and assistive tech.
Welltok has filed 6 patents.
Machine learning, Natural language processing, Computational linguistics, Computer memory, Classification algorithms
Machine learning, Natural language processing, Computational linguistics, Computer memory, Classification algorithms
Latest Welltok News
Feb 2, 2024
What Will 2024 Be Like If the Healthcare Sector Doesn't Step Up? Marianne Kolbasuk McGee ( HealthInfoSec ) • February 1, 2024 Image: Getty For nearly a decade, no matter how bad things seemed to get each year, 2015 remained the record year for U.S. health data breaches - with 112.5 million people affected. That was due mainly to the eye-popping 79 million people affected by just one breach reported in 2015 - the infamous suspected Chinese hack of health insurer Anthem. But all the hacks of 2023 have shattered those records, making it the worst year ever for major health data breaches in U.S. Last year, a record number of major health data breaches - 734 breaches - affecting a record number of individuals - nearly 135.3 million - were reported to U.S. federal regulators. That's equal to more than 40% of the U.S. population having their protected health information compromised in a single year. That's also a lot worse than in 2015 - the year of the Anthem hack - when less than half that number of organizations reported a total of 270 major health data breaches to the U.S. Department of Health and Human Services. The health data breaches in 2023 reflected the trend of a growing number of organizations being hit by data breaches. In 2022, 721 breaches were reported to HHS - only about 23 fewer than in 2023. But the breaches reported in 2022 affected "only" about 56.5 million individuals, which is less than half the number of people affected in 2023. Hacks by far dominated the types of compromises reported in 2023. A total of 587 incidents - representing 80% of all breaches - affected more than 126.6 million individuals - or nearly 94% of people affected by major PHI breaches last year. Third-party business associates - from bill collection companies to medical transcription services - accounted for much of last year's skyrocketing breach totals. Business associates were reported "present" in 275 of the major breaches reported in 2023, affecting nearly 90.3 million people. That's equal to nearly 40% of breaches reported and two-thirds of people affected in 2023. 10 Largest Health Data Breaches in 2023 Breached Entity Source: U.S. Department of Health and Human Services As of Thursday, the HHS Office for Civil Rights' HIPAA Breach Reporting Tool website - which posts reports of PHI breaches affecting 500 or more individuals - shows the largest single breach in 2023 as a hacking incident affecting nearly 11.3 million people, reported in July by Tennessee-based HCA Healthcare as a business associate. But further analysis of the website by Information Security Media Group shows that the largest breach last year actually appears to have been a data theft incident reported to regulators in November by Nevada-based medical transcription firm Perry Johnson & Associates . While PJ&A reported the hack to HHS as affecting nearly 9 million individuals, several of the company's clients also submitted their own separate breach reports to HHS, linked to the same PJ&A incident. As of Thursday, the estimated total number of individuals affected by the PJ&A hack appears to be hovering around 14 million, taking into account several breach reports filed to HHS in recent weeks by the clients of the company (see: Therapy Provider Notifying 4 Million Patients of PJ&A Hack ). Hacking incidents involving data exfiltration or ransomware attacks soared in 2023, contributing to the record-breaking health data breach statistics seen last year (see: Sizing Up the Worst Healthcare Hacks in 2023 ). Those included major hacks on third-party software such as Progress Software's MOVEit and Fortra's GoAnywhere file transfer applications, which resulted in thousands of victim entities globally across all sectors - and tens of millions of individuals, including healthcare patients - having their information stolen. As of Thursday, the largest MOVEit incident affecting the healthcare sector appears to have been reported by Welltok , a medical patient communication services provider that is part of Virgin Pulse. Welltok's MOVEit breach has affected nearly 8.5 million individuals so far. Think Things Are Bad Now? Just Wait. Some experts predict the situation for healthcare sector entities could grow even worse in 2024, given the increasing sophistication of cyberthreats and the high value of health data. Already, new concerning developments are emerging in some of the latest health data hacks, said Mike Hamilton, co-founder and CISO of security firm Critical Insight. "The trend to use records that have been stolen in different ways is troubling - not only directly contacting patients whose records have been disclosed and offering them 'buyout' privileges, but referencing our own regulatory and statutory rules as a further threat: 'Pay us, because the class action suit will be much more expensive,'" he said. Meanwhile, the industry's reliance on digital solutions will continue to pose challenges, significantly if proactive measures aren't intensified, said Ani Chaudhuri, CEO and co-founder of security firm Dasera. "Organizations must enhance their data security strategies by adopting comprehensive, automated solutions focusing on visibility, control and continuous monitoring of sensitive data. The key is not just to react to breaches but to prevent them by understanding where all data resides and ensuring robust governance," Chaudhuri said. "A critical step is the implementation of automated and continuous monitoring systems to detect anomalies in data usage and access, as well as ensuring comprehensive data governance and management. As healthcare data continues to be a prime target for cybercriminals, these enhanced measures are essential in safeguarding sensitive patient information and maintaining trust in the healthcare sector." Regulatory Action HHS OCR told ISMG in a statement that hacking was indeed the most frequent type of large breach reported to OCR in 2023, and network servers the predominate "location" of compromises. Ransomware was a significant subset of reported hacking incidents, the agency said. "Regulated entities should ensure they are implementing all of the HIPAA Security Rule requirements," HHS OCR said. But in addition, last week, HHS issued guidance promoting sets of "essential" and "enhanced" cybersecurity performance goals that entities should adopt to improve their security posture (see: HHS Details New Cyber Performance Goals for Health Sector ). The new CPGs can also assist regulated entities in defending against cyberattacks and safeguarding ePHI, HHS OCR told ISMG. While HHS called the goals "voluntary," the Biden administration has signaled plans for new requirements, coming through a planned update of the HIPAA Security Rule this spring, and new potential regulatory sticks and carrots to incentivize adoption of the CPGs, which are based on the National Institute of Standards and Technology's Cybersecurity Framework and other industry best practices. "National security, patients' rights, the advance of AI both in healthcare services and attacks - these factors are all behind the feds' push," said Padraic O'Reilly, founder and chief innovation officer at cyber risk firm CyberSaint. "Potentially tying the CPGs to Medicare and Medicaid will put the industry on blast, and I generally see positive outcomes to practices when a bit of enforcement is in the mix. This includes the Securities and Exchange Commission," O'Reilly said. The healthcare sector needs to step up its security efforts in order to avoid falling further behind cybercriminals in their ever-evolving scams targeting hospitals, clinics, insurers and the thousands of third parties that help these organizations provide care. "Security breaches are and have been and will continue to be a major concern, in the healthcare industry and more generally," said privacy attorney Kirk Nahra of the law firm WilmerHale. "Cyberattackers clearly are getting more sophisticated - although there still are situations where the attack does not seem particularly sophisticated," he said. Multiple factors are contributing to these breaches, Nahra said. "There is a need for continuing and constant vigilance and updating of security systems. There is a need to pay attention to vendors. But at the same time, it's increasingly difficult to do that up and down long business associate chains," he said. "Many of the business associate breaches that are reported involve downstream entities where there are multiple trails and levels of customers, often in situations where some may not even be healthcare-related," he said. Organization should be paying even more attention to their incident response plans. They should ensure that that they have a good way to respond to breaches and include information about how to address - in advance, where feasible - incidents involving business associates, Nahra said. HHS OCR should be looking for ways to be helpful in these incidents and avoid punishing companies that are trying to do the right thing but get attacked in any event, he said. "More guidance is fine, but creating additional and parallel sets of standards to meet will not be productive. This 'punish the victim' approach is not ultimately helpful for covered entities or the healthcare system." Resources Aplenty There are plenty of cybersecurity resources available that specifically address the array of technology and use cases found across healthcare, if entities are willing to look, said privacy attorney David Holtzman of consulting HITprivacy LLS. They include the recently developed HHS Health/Public Health Cyber Gateway , an information clearinghouse for resources that can assist many kinds of healthcare organizations, Holtzman said. "There is no magic bullet or one-size-fits-all approach that will be effective for all healthcare organizations, but resources are available to assist in addressing many use cases." *Update: Statement from HHS OCR added. Feb. 1, 23:03 UTC.
Welltok Frequently Asked Questions (FAQ)
When was Welltok founded?
Welltok was founded in 2009.
Where is Welltok's headquarters?
Welltok's headquarters is located at 1515 Arapahoe Street, Denver.
What is Welltok's latest funding round?
Welltok's latest funding round is Acquired.
How much did Welltok raise?
Welltok raised a total of $387.75M.
Who are the investors of Welltok?
Investors of Welltok include Virgin Pulse, Qualcomm Ventures, New Enterprise Associates, InterWest Partners, Emergence Capital and 29 more.
Who are Welltok's competitors?
Competitors of Welltok include Virgin Pulse, Limeade, League, mPulse Mobile, Castlight Health and 7 more.
What products does Welltok offer?
Welltok's products include Total Wellbeing and 1 more.
Compare Welltok to Competitors
Vitality Group is a behavioral engagement platform that operates in the health and wellness industry. The company offers solutions that simplify access to care, increase member satisfaction, and drive revenue growth, primarily for health plans and employers. Their services aim to engage members in preventive care and managing chronic conditions, while also enhancing intervention effectiveness and improving member experiences. Vitality Group was formerly known as HumanaVitality. It is based in Chicago, Illinois.
Limeade (ASX: LME) is an employee experience software company. It offers a platform that unifies employee well-being, engagement, and inclusion solutions with communications capabilities. Its primary market is businesses seeking to improve their employee experience and performance. It was founded in 2006 and is based in Bellevue, Washington. In August 2023, Limeade was acquired by WebMD Health Services.
League operates as a digital health platform. The company delivers high-engagement, personalized healthcare experiences for consumers and helps people use solutions powered by League to access, navigate, and pay for care. Primarily, It serves the healthcare industry. The company was founded in 2014 and is based in Toronto, Canada.
Icario operates as a digital-first health action company. The company's main services include a health action platform that uses whole-person data, behavioral science, and digital-first omnichannel pathways to connect individuals to health services. It primarily serves healthcare organizations, including some of the largest health plans. It was founded in 2010 and is based in Minneapolis, Minnesota.
Solera provides digital preventive health solutions. The company offers a software-as-a-service (SaaS) platform to connect a nationwide network of community organizations and digital solutions for chronic disease prevention programs. It was founded in 2015 and is based in Phoenix, Arizona.
Zipari focuses on consumer experience technology within the health insurance industry. The platform offered by the company provides real-time visibility into the customer journey, aiming to transform the consumer experience with solutions that enhance digital engagement, self-service, and operational efficiency. Its services primarily cater to the health insurance industry. It was founded in 2014 and is based in Brooklyn, New York.