SoatDev IT Consulting
SoatDev IT Consulting
  • About us
  • Expertise
  • Services
  • How it works
  • Contact Us
  • News
  • August 14, 2023
  • Rss Fetcher

Millions of Americans had their sensitive medical and health information stolen after hackers exploiting a zero-day vulnerability in the widely used MOVEit file transfer software raided systems operated by tech giant IBM.

Colorado’s Department of Health Care Policy and Financing (HCPF), which is responsible for administering Colorado’s Medicaid program, confirmed on Friday that it had fallen victim to the MOVEit mass-hacks, exposing the data of more than four million patients.

In a data breach notification to those affected, Colorado’s HCPF said that the data was compromised because IBM, one of the state’s vendors, “uses the MOVEit application to move HCPF data files in the normal course of business.”

The letter states that while no HCPF or Colorado state government systems were affected by this issue, “certain HCPF files on the MOVEit application used by IBM were accessed by the unauthorized actor.”

These files include patients’ full names, dates of birth, home addresses, Social Security numbers, Medicaid and Medicare ID numbers, income information, clinical and medical data including lab results and medication, and health insurance information.

HCPF says about 4.1 million individuals are affected.

IBM has yet to publicly confirm that it was affected by the MOVEit mass-hacks, and an IBM spokesperson did not respond to a request for comment by TechCrunch.

The breach of IBM’s MOVEit systems also impacted Missouri’s Department of Social Services (DSS), though the number of affected individuals is not yet known. More than six million people live in Missouri state.

In a data breach notification posted last week, Missouri’s DSS said: “IBM is a vendor that provides services to DSS, the state agency that provides Medicaid services to eligible Missourians. The data vulnerability did not directly impact any DSS systems, but impacted data belonging to DSS.”

DSS says that the data accessed may include an individual’s name, department client number, date of birth, possible benefit eligibility status or coverage, and medical claims information.

Neither Colorado’s HCPF nor Missouri’s DSS have been listed on the dark web leak site of the Clop ransomware gang, which has claimed responsibility for the mass attacks hacks. In a message on the site, the Russia-link group claims, “We don’t have any government data.”

The news of Colorado’s latest breach comes just days after the Colorado Department of Higher Education said it had experienced a ransomware incident that saw hackers access and copy 16 years’ worth of data from its systems. Colorado State University also confirmed last month that it had suffered a MOVEit-related data breach impacting tens of thousands of students and academic staff.

Meanwhile, PH Tech, a company that provides data management services to U.S. healthcare insurers, confirmed that it was also affected by the MOVEit hacks, affecting the health information of 1.7 million Oregon residents.

The largest breach of a U.S. healthcare provider so far this year goes to HCA Healthcare, which involved the names, addresses and appointment details of 11.2 million people in a security lapse unrelated to MOVEit.

The MOVEit mass hacks hold a valuable lesson for the software industry

Previous Post
Next Post

Recent Posts

  • Why call one API when you can use GraphQL to call them all?
  • Tariffs on SA Exports: How Can Local Businesses Prepare for the Impact
  • Slate Auto drops ‘under $20,000’ pricing after Trump administration ends federal EV tax credit
  • Everyone in tech has an opinion about Soham Parekh
  • Cluely’s ARR doubled in a week to $7M, founder Roy Lee says. But rivals are coming.

Categories

  • Industry News
  • Programming
  • RSS Fetched Articles
  • Uncategorized

Archives

  • July 2025
  • June 2025
  • May 2025
  • April 2025
  • February 2025
  • January 2025
  • December 2024
  • November 2024
  • October 2024
  • September 2024
  • August 2024
  • July 2024
  • June 2024
  • May 2024
  • April 2024
  • March 2024
  • February 2024
  • January 2024
  • December 2023
  • November 2023
  • October 2023
  • September 2023
  • August 2023
  • July 2023
  • June 2023
  • May 2023
  • April 2023

Tap into the power of Microservices, MVC Architecture, Cloud, Containers, UML, and Scrum methodologies to bolster your project planning, execution, and application development processes.

Solutions

  • IT Consultation
  • Agile Transformation
  • Software Development
  • DevOps & CI/CD

Regions Covered

  • Montreal
  • New York
  • Paris
  • Mauritius
  • Abidjan
  • Dakar

Subscribe to Newsletter

Join our monthly newsletter subscribers to get the latest news and insights.

© Copyright 2023. All Rights Reserved by Soatdev IT Consulting Inc.