Subscribe to our newsletter and stay informed
August 16, 2023

Major Healthcare Data Breach Shakes America: MOVEit Hackers Target IBM Systems

Health Data Heist: Hackers Exploit Software Flaw to Steal Millions' Medical Info

In a shocking development that underscores the critical vulnerabilities in healthcare data security, millions of individuals have fallen victim to a massive data breach involving the widely used MOVEit file transfer software. The breach exploited a zero-day vulnerability and specifically targeted systems operated by tech giant IBM. The implications are vast and unsettling.

The Colorado Department of Health Care Policy and Financing (HCPF), entrusted with overseeing Colorado's Medicaid program, revealed the extent of the breach: over 4 million patients have had their sensitive medical and health information compromised. The cause? IBM's utilization of the MOVEit application in its routine operations.

In a direct breach notification to the affected individuals, Colorado's HCPF clarified that though its systems remained untouched, the unauthorized access occurred via IBM's MOVEit application. This breach exposed a staggering amount of personal data, including patients' full identities, birthdates, addresses, Social Security numbers, and intricate health and clinical records.

Impacted by this breach, Missouri's Department of Social Services (DSS) also reported potential data compromises. The incident revealed that IBM's services to DSS inadvertently led to a breach affecting data, including individuals' names, department client numbers, birthdates, benefit eligibility status, and medical claims information.

The breach bears the hallmarks of the Clop ransomware gang, a Russia-linked group that has previously orchestrated such attacks. Yet, neither Colorado's HCPF nor Missouri's DSS appears on the dark web leak site associated with Clop, and the group disavows any involvement with government data.

These alarming breaches continue to punctuate a disconcerting trend. The Colorado Department of Higher Education recently experienced a ransomware incident, while Colorado State University grappled with its own MOVEit-related breach. In parallel, PH Tech, a data management services provider for U.S. healthcare insurers, disclosed its impact, affecting the health records of 1.7 million Oregon residents.

As the dust settles on this egregious breach, it's clear that healthcare data security remains a critical concern. The year's largest healthcare provider breach, unrelated to MOVEit, belongs to HCA Healthcare, underscoring the need for steadfast cybersecurity measures in an increasingly digital healthcare landscape. The implications for affected individuals, the healthcare industry, and data protection regulations are profound and demand a thorough reevaluation of data security protocols.

Josefina Dipaolo
Josefina Dipaolo
Content Writer at TechNews180
Back to top

Related articles

linkedin facebook pinterest youtube rss twitter instagram facebook-blank rss-blank linkedin-blank pinterest youtube twitter instagram