The Colorado Department of Health Care Policy & Financing (HCPF) has fallen victim to a supply chain attack on MOVEit, resulting in the theft of records belonging to millions of individuals.
HCPF announced that its third-party contractor, IBM, utilized the MOVEit software, which was exploited by ransomware threat actors known as Clop. This breach led to the compromise of sensitive data belonging to four million customers.
Upon discovery of the breach, HCPF initiated an investigation to determine the extent of the compromised data. It was revealed that certain HCPF files on the MOVEit application, used by IBM, were accessed by unauthorized actors on or around May 28, 2023.
Plenty of Sensitive Information
BleepingComputer reports that HCPF manages various programs, including Health First Colorado (Medicaid) and Child Health Plan Plus, to assist low-income families, the elderly, and individuals with disabilities.
The stolen data encompasses full names, Social Security Numbers, income information, demographic data, birth dates, postal addresses, and other contact information. Additionally, Medicaid and Medicare ID numbers, as well as health and health insurance data, were stolen. This data breach poses a significant risk of identity theft, which may be exploited for purposes such as spear phishing, tax fraud, and wire fraud.
HCPF has taken steps to address the issue by offering two years of credit monitoring services through Experian.
MOVEit is a managed file transfer (MFT) program widely used by prominent organizations for secure sharing of sensitive data. In early June of this year, MOVEit issued a warning about a critical vulnerability, tracked as CVE-2023-34362, which could potentially grant threat actors escalated privileges and unauthorized access to the environment.
Clop claims to have compromised “hundreds” of organizations, including 1st Source and First National Bankers Bank, Putnam Investments, Landal Greenparks, Shell, Datasite, National Student Clearinghouse, United Healthcare Student Resources, Leggett & Platt, ÖKK, and the University System of Georgia.
Source: BleepingComputer
Alex Smith is a writer and editor with over 10 years of experience. He has written extensively on a variety of topics, including technology, business, and personal finance. His work has been published in a number of magazines and newspapers, and he is also the author of two books. Alex is passionate about helping people learn and grow, and he believes that writing is a powerful tool for communication and understanding.