MOVEit Hackers Compromise Health Data Of Millions Of Americans After Targeting IBM

Posted on August 14, 2023 at 3:00 AM

MOVEit Hackers Compromise Health Data Of Millions Of Americans After Targeting IBM

The effects of the breach on the MOVEit file transfer software are still being felt. The breach has led to millions of Americans having their sensitive medical and health information stolen. The MOVEit file transfer software faced a breach after threat actors exploited a zero-day security vulnerability and gained access to the systems operated by IBM.

MOVEit hackers target IBM to steal health data

The Colorado Department of Health Care Policy and Financing (HCPF) reported the compromise on health information. The department administers the program offered by the Colorado Medicaid program.

HCPF confirmed the data breach on Friday last week, saying that its systems had been compromised because of the mass hacks on the MOVEit file transfer software. These hacks exposed data belonging to over four million patients.

Colorado’s HCPF also issued a notification on this data breach, saying that the data had been compromised after the attackers targeted IBM, which is one of the vendors in the state. The tech company relies on the MOVEit application to transfer HCPF data files during the normal business operations.

The letter has also said that the data breach did not affect the Colorado state government systems or HCPF. The breach was secluded to some HCPF files that resided on the MOVEit application used by IBM. The malicious hackers accessed these files.

The files contained the details of patients, such as their full names, dates of birth, home addresses, social security numbers, Medicaid and Medicare ID numbers, clinical data, medical data, income information, and health information. The details also included the lab results and medication prescribed to these patients.

According to HCPF, this data breach affected around 4.1 million individuals. IBM has yet to issue a public confirmation of being affected by the mass hacks on the MOVEit file transfer system. However, this breach appears to have caused widespread damage to the targeted systems.

IBM’s MOVEit hack had massive effects

The breach of the IBM MOVEit file transfer system also resulted in a breach of the Missouri Department of Social Services (DSS). However, the number of individuals affected by this breach is yet to be determined. Missouri is one of the most populous states in the US, with over six million people residing there.

The Missouri DSS published a data breach notification saying that IBM was a vendor that offered its services to the department. It noted that the agency provided Medicaid services to eligible people in Missouri. As such, the vulnerability exploited by the hackers did not cause a direct impact on the DSS systems, but it only affected the data belonging to the department.

The statement by Missouri’s DSS also said that the data that the hackers accessed might include an individual’s name, department client number, date of birth, possible benefit eligibility status or coverage, and information about medical claims.

While the Colorado HCPF and the Missouri DSS have admitted to the data breach, none of the breached information has been leaked on the dark web. The MOVEit mass hack was attributed to the Clop ransomware group that claimed responsibility, but it has not posted any of the health information breached.

The Russian-linked hacker group has also said it does not possess any government data after this breach. Besides being affected by the MOVEit hack, the state of Colorado has also reported a series of hacking attacks.

The Colorado Department of Higher Education released a statement saying it had suffered a ransomware incident that led to hackers gaining access to 16 years of data stored in the system. After getting access to this data, the hackers later copied it.

The Colorado State University also confirmed a data breach last month. The institution said it was the victim of a data breach linked to the MOVEit mass hacks. The breach affected tens of thousands of students and academic staff at the institution.

PH Tech, which offers data management services to healthcare insurers in the US, also confirmed that it was affected by hacks on the MOVEit transfer firm. The breach affected the health information belonging to 1.7 million residents in Oregon.

However, this year’s largest data breach of US healthcare providers reported so far was on HCA Healthcare. The breach saw the names, addresses, and appointment data of 11.2 million people being breached in a security issue unrelated to the MOVEit breach.

Summary
MOVEit Hackers Compromise Health Data Of Millions Of Americans After Targeting IBM
Article Name
MOVEit Hackers Compromise Health Data Of Millions Of Americans After Targeting IBM
Description
MOVEit hackers targeted IBM to steal health data. The breach led to millions of Americans having their sensitive medical and health information stolen. MOVEit hackers exploited a zero-day security flaw.
Author
Publisher Name
Koddos
Publisher Logo

Share this:

Related Stories:

Newsletter

Get the latest stories straight
into your inbox!

YOUTUBE

Discover more from KoDDoS Blog

Subscribe now to keep reading and get access to the full archive.

Continue reading