Millions of Americans’ health data stolen after MOVEit hackers targeted IBM


Share post:

Millions of Americans had their sensitive medical and health information stolen after hackers exploited a zero-day vulnerability in the widely used MOVEit file transfer software raided systems operated by tech giant IBM.

The Colorado Department of Health Care Policy and Financing (HCPF), which is responsible for administering Colorado’s Medicaid program, confirmed on Friday that it had fallen victim to the MOVEit mass hacks, exposing the data of more than 4 million patients.

In a data breach notification to those affected, Colorado’s HCPF said that the data was compromised because IBM, one of the state’s vendors, “uses the MOVEit application to move HCPF data files in the normal course of business.”

The letter states that while no HCPF or Colorado state government systems were affected by this issue, “certain HCPF files on the MOVEit application used by IBM were accessed by the unauthorized actor.”

These files include patients’ full names, dates of birth, home addresses, Social Security numbers, Medicaid and Medicare ID numbers, income information, clinical and medical data (including lab results and medication), and health insurance information.

HCPF says about 4.1 million individuals are affected.

IBM has yet to publicly confirm that it was affected by the MOVEit mass hacks, and an IBM spokesperson did not respond to a request for comment by TechCrunch.

The breach of IBM’s MOVEit systems also impacted Missouri’s Department of Social Services (DSS), though the number of affected individuals is not yet known. More than 6 million people live in Missouri state.

In a data breach notification posted last week, Missouri’s DSS said: “IBM is a vendor that provides services to DSS, the state agency that provides Medicaid services to eligible Missourians. The data vulnerability did not directly impact any DSS systems, but impacted data belonging to DSS.”

DSS says that the data accessed may include an individual’s name, department client number, date of birth, possible benefit eligibility status or coverage, and medical claims information.

Neither Colorado’s HCPF nor Missouri’s DSS have been listed on the dark web leak site of the Clop ransomware gang, which has claimed responsibility for the mass hacks. In a message on the site, the Russia-linked group claims, “We don’t have any government data.”

The news of Colorado’s latest breach comes just days after the Colorado Department of Higher Education said it had experienced a ransomware incident that saw hackers access and copy 16 years’ worth of data from its systems. Colorado State University also confirmed last month that it had suffered a MOVEit-related data breach impacting tens of thousands of students and academic staff.

Meanwhile, PH Tech, a company that provides data management services to U.S. healthcare insurers, confirmed that it was also impacted by the MOVEit hacks, affecting the health information of 1.7 million Oregon residents.

The largest breach of a U.S. healthcare provider so far this year goes to HCA Healthcare, which involved the names, addresses and appointment details of 11.2 million people in a security lapse unrelated to MOVEit.

Source link

Lisa Holden
Lisa Holden
Lisa Holden is a news writer for LinkDaddy News. She writes health, sport, tech, and more. Some of her favorite topics include the latest trends in fitness and wellness, the best ways to use technology to improve your life, and the latest developments in medical research.

Recent posts

Related articles

VW bails on its plan for a $2.1B EV plant in Germany

Volkswagen’s $2.1 billion plan to launch a dedicated electric-vehicle factory in Wolfsburg, Germany is kaput.  The automaker instead...

When predatory investors damage your chances of success

Welcome to Startups Weekly. Sign up here to get it in your inbox every Friday. You know what...

Pudgy Penguins’ approach may be the answer to fixing NFTs’ revenue problems

Pudgy Penguins was once solely known for its 8,888 NFT collection. But ever since 24-year-old Luca Netz...

Two large equity funds launched this week. What gives?

Two large equity funds came out of the gate this week. So, what gives? Earlier this year...

BeReal pushes back at report that it’s losing steam, says it now has 25M daily users

Just under a year ago, the buzzy new social app BeReal looked to be on the rise,...

Why product equity has become a business imperative for the future of digital products

Timothy Bardlavens Contributor Timothy Bardlavens is the director of product equity at Adobe, where he focuses on amplifying Adobe’s...

Elon Musk’s X headed for ‘rule of law’ clash with EU, warns Twitter’s former head of trust & safety

The former head of trust and safety at Twitter has warned the platform now known as X...

WestBridge seeks to buy stake in India’s Meesho

WestBridge Capital is in advanced stages of talks to purchase shares of Meesho in the secondary market,...