Healthcare , Incident & Breach Response , Industry Specific

MOVEit Health Data Breach Tally Keeps Growing

More Hacks Compromising Protected Health Info Being Reported to Regulators
MOVEit Health Data Breach Tally Keeps Growing
Image: Progress Software

Healthcare organizations are adding millions to the tally of individuals affected by the Memorial Day weekend hack of the MOVEit file transfer application by Russian-speaking hackers.

See Also: Active Incident Response: An Inside Look

In recent days, the U.S. Department of Health and Human Services' Office for Civil Rights has posted several more reports submitted by entities involving MOVEit breaches.

Among the largest of those recently posted MOVEit breaches is a hacking incident affecting nearly 3.2 million individuals reported to HHS OCR on July 27 by Dayton, Ohio-based CareSource, which provides Medicaid managed care and Medicare Advantage health plans.

CareSource said nearly 3.2 million health plan members have been affected by its MOVEit hack. (Image: CareSource)

CareSource acknowledged using MOVEit software to share data for managing individuals' health benefits. An investigation determined that the hackers had copied CareSource data obtained from the MOVEit server. The bad actors lost access to the software when the CareSource applied a patch around June 1, the company said.

An estimated 748 organizations have suffered data compromises by MOVEit hacks instigated by the Clop criminal group, which unleashed a highly automated mass attack around May 29, likely timed to take advantage of the U.S. Memorial Day holiday weekend. The group came into possession of a zero-day vulnerability in Progress Software's MOVEit file transfer application. The hackers have affected between 44.3 million and 49.1 million individuals worldwide, according to German cybersecurity firm KonBriefing.

Cybersecurity firm Emsisoft reported that Clop attackers had previously deployed ransomware but have increasingly switched to a smash-and-grab, exfiltration-only strategy, relying on the threat of releasing stolen data as leverage to extort payment. "This is likely so that Clop can quickly exfiltrate data from as many organizations as possible, before the vulnerability being exploited is patched," Emsisoft said in a recent blog post.

So far, the largest health data breach involving MOVEit came from Colorado's Department of Health Care Policy & Financing, which is notifying 4.1 million individuals that their personal information has been stolen (see: Data Theft Via MOVEit: 4.5 Million More Individuals Affected).

But even Colorado's large number of affected individuals is dwarfed by government contractor Maximus, which says the hack of its MOVEit instance affected 11 million individuals (see: Contractor Says Several Health Plans Affected by MOVEit Hack).

Among Maximus' client victims are several healthcare and public health sector entities, including the Centers of Medicare and Medicaid Services, which reported that the PHI of about 645,000 current Medicare beneficiaries had been compromised by Maximus' MOVEit incident.

Other large health data breaches recently listed on the HHS OCR website involving MOVEit hacks include reports filed by technology services firm Radius Global Solutions, with about 601,000 affected; the Harris Center for Mental Health and Intellectual and Developmental Disabilities, with nearly 600,00 affected; and insurer Unum Group's Starmount Life Insurance Co. subsidiary, with almost 532,000 affected.


About the Author

Marianne Kolbasuk McGee

Marianne Kolbasuk McGee

Executive Editor, HealthcareInfoSecurity, ISMG

McGee is executive editor of Information Security Media Group's HealthcareInfoSecurity.com media site. She has about 30 years of IT journalism experience, with a focus on healthcare information technology issues for more than 15 years. Before joining ISMG in 2012, she was a reporter at InformationWeek magazine and news site and played a lead role in the launch of InformationWeek's healthcare IT media site.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing databreachtoday.com, you agree to our use of cookies.