The Colorado Department of Health Care Policy and Financing (HCPF), the folks in charge of Colorado’s Medicaid program, got hit hard, and more than 4 million patient records got exposed in the process.
The Colorado Department of Health Care Policy and Financing (HCPF), which is responsible for administering Colorado’s Medicaid program, confirmed on Friday that it had fallen victim to the MOVEit mass hacks, exposing the data of more than 4 million patients.
In a data breach notification to those affected, Colorado’s HCPF said that the data was compromised because IBM, one of the state’s vendors, “uses the MOVEit application to move HCPF data files in the normal course of business.”
Hackers target IBM
The hackers exploited a vulnerability in the super popular MOVEit file transfer software that IBM uses and here’s what those files held: full names, birthdays, addresses, Social Security digits, Medicaid and Medicare ID numbers, money info, medical details like lab results and meds, and health insurance stuff.
A cybersecurity advisory panel in the US will investigate the risks involved in cloud computing and whether Microsoft had a role to play in the recent breach of government email systems by Chinese hackers.
Hackers did not damage the network, just stole data
This attack on IBM’s MOVEit systems also got to Missouri’s Department of Social Services (DSS), affecting many people. Missouri has more than 6 million residents. DSS made it clear that this data breach didn’t mess with their systems directly, but it did mess with the data they had. So, names, client numbers, birthdates, benefits info, and medical claims data might’ve been nabbed.
In one of the biggest hacks or data leaks to have hit the US, healthcare and personal data of over 10 million people have been stole by a group of hackers, targeting IBM.
Another govt department hacked
Right on the heels of all this chaos, the Department of Higher Education there got hit with ransomware, too. Hackers swiped have 16 years’ worth of data. Last month, Colorado State University got caught up in a MOVEit-related mess, affecting lots of students and staff.
PH Tech, the company that takes care of data for several healthcare insurers, got tangled up in the MOVEit hacks. They’re saying 1.7 million Oregon residents’ health info got hit.
The letter states that while no HCPF or Colorado state government systems were affected by this issue, “certain HCPF files on the MOVEit application used by IBM were accessed by the unauthorized actor.”