Colorado Says Millions Had Their Healthcare Data Stolen After MOVEit Breach

[ad_1]

The Colorado Department of Health Care Policy & Financing (HCPF) is the latest victim of the MOVEit supply chain attack, with the agency warning that records belonging to millions have been stolen.

As HCFP said in an announcement, its third-party contractor, IBM, used the MOVEit software, through which ransomware threat actors Clop stole sensitive data belonging to four million customers.

HCPF launched an investigation after it was notified by IBM of the breach, to check what data had been compromised. It found that, “certain HCPF files on the MOVEit application used by IBM were accessed by the unauthorized actor on or about May 28, 2023.”

Plenty of sensitive information

HCPF manages the Health First Colorado (Medicaid) and Child Health Plan Plus programs, as well as supporting low-income families, the elderly, and citizens with disabilities, BleepingComputer reports.

The data stolen in the attack includes full names, Social Security Numbers, income information, demographic data, birth dates, postal addresses, and other contact information. Medicaid and Medicare ID numbers, as well as health and health insurance data, were also stolen. This is pure identity theft which can later be used for spear phishing, tax fraud, wire fraud, and more.

To tackle the problem, HPCF said it would provide credit monitoring services via Experian for two years.

MOVEit is a managed file transfer (MFT) program used by many high-profile organizations to share sensitive data, securely. In early June this year, MOVEit warned of a critical vulnerability discovered in its solution (later tracked as CVE-2023-34362), which could grant threat actors “escalated privileges and potential unauthorized access to the environment.”

Clop said it compromised “hundreds” of organizations, including 1st Source and First National Bankers Bank, Putnam Investments, Landal Greenparks, Shell, Datasite, National Student Clearinghouse, United Healthcare Student Resources, Leggett & Platt, ÖKK, and the University System of Georgia.

Via BleepingComputer

[ad_2]
#Colorado #millions #healthcare #data #stolen #MOVEit #breach

Colorado says millions had their healthcare data stolen after MOVEit breach

Leave a Comment Cancel reply

Product Highlight

Recent Posts

SSC all exams, links is here

Beat the blackout: A citizen`s guide to load management as extreme heatwaves overload India`s power transformers

Calcutta HC orders fresh CBI SIT probe into RG Kar rape case `cover-up` claims

Forget just water: The AYUSH guide to `electrolyte-rich`, cooling and hydrating foods for 45°C summer

IMD heatwave alert: 45°C temperature to grip north and east India for next 7 days

Punjab govt`s Sehat Yojana saves woman in critical diabetic emergency

2019 Pulwama terror attack mastermind Hamza Burhan killed by unknown gunmen in PoK

`Cockroaches don`t die!`: Viral Cockroach Janta Party launches defiant new handle after original account withheld by X

Essel Group will remain dedicated to nation for next 100 years, says Dr. Subhash Chandra on 100th Anniversary of Essel Group

Ebola outbreak scare: Delhi airport issues urgent travel advisory; India-Africa summit postponed

Jagan Mohan Reddy accuses CM Chandrababu Naidu of misleading people over Amaravati

Welcome

Categorys

Site Links