Hackers took advantage of a zero-day vulnerability in the widely used MOVEit file transfer software to access systems run by computer giant IBM, resulting in a catastrophic data breach that shocked the healthcare industry.
The incident exposed millions of Americans' sensitive medical and health information, raising worries about medical data security and privacy in the digital era.
Colorado's Department of Health Care Policy and Financing (HCPF), which oversees the state's Medicaid program, disclosed the alarming MOVEit hack last Friday. The personal and medical information of more than four million people has been exposed, according to a report from TechCrunch.
HCPF revealed the issue in a data breach notice sent to the impacted people.
What Data Was Stolen?
The breach allegedly happened because IBM, one of the state's suppliers, used the MOVEit tool to transmit HCPF data files. The HCPF and state government systems in Colorado were unaffected. However, unauthorized parties could access specific data on IBM's MOVEit application.
The stolen files contained confidential patient data, including full names, dates of birth, home addresses, Social Security numbers, Medicaid and Medicare ID numbers, income data, clinical and medical records, test results, prescriptions, and health insurance information.
The recent MOVEit hack has affected around 4.1 million people, raising questions about the potential misuse of their sensitive health information. However, IBM hasn't yet officially acknowledged the breach's effect on its systems.
The population of Missouri is above six million. A data breach notice mentioning the DSS breach indicated that the department's data had been compromised due to a flaw in IBM's MOVEit systems.
Authorities Expect More Cyberattacks
Although neither Missouri's DSS nor Colorado's HCPF was found on the dark web leak site of the Clop ransomware gang, which took credit for the widespread attacks, the breach raises questions about the security of private medical information and the possibility of further cyberattacks on hospitals.
The latest MOVEit data breach followed a ransomware attack on the Colorado state government that exposed 16 years of data from the Department of Higher Education, per Bleeping Computer. Colorado State University also disclosed a data breach involving the vulnerable MOVEit Transfer program that affected thousands of students and academic staff members.
Organizations often utilize the MOVEit program to transmit massive volumes of sensitive data, such as medical records, financial data, and Social Security numbers, according to Gadgets 360.
The incident shows how interconnected corporations are when managing sensitive data, and how flaws in otherwise harmless software can lead to massive data leakage.
The latest massive medical data breach incident has highlighted the significance of cybersecurity across several industries and shown the flaws in healthcare data management.
Moreover, the MOVEit hack raises worries about the healthcare industry's data security standards and the privacy of impacted individuals.