MOVEit Health Data Breach Tally Keeps Growing

More Hacks Compromising Protected Health Info Being Reported to Regulators

Healthcare organizations are adding millions to the tally of individuals affected by the Memorial Day weekend hack of the MOVEit file transfer application by Russian-speaking hackers.

In recent days, the U.S. Department of Health and Human Services’ Office for Civil Rights has posted several more reports submitted by entities involving MOVEit breaches.

An estimated 748 organizations have been affected by MOVEit hacks instigated by the Clop criminal group, which unleashed a highly automated mass attack around May 29. The hackers have affected between 44.3 million and 49.1 million individuals worldwide, according to German cybersecurity firm KonBriefing.

Clop attackers previously deployed ransomware, but have increasingly switched to a smash-and-grab, exfiltration-only strategy, relying on the threat of releasing stolen data as leverage to extort payment.

Among the largest recently posted MOVEit breaches is a hacking incident affecting nearly 3.2 million individuals reported on July 27 by Ohio-based plan provider CareSource, with nearly 3.2 million health plan members affected by its MOVEit hack.

So far, the largest health data breach involving MOVEit came from Colorado’s Department of Health Care Policy & Financing, which is notifying 4.1 million individuals that their personal information has been stolen.

But even Colorado’s large number of affected individuals is dwarfed by government contractor Maximus, which says the hack of its MOVEit instance affected 11 million individuals. Among Maximus’ client victims are several healthcare and public health sector entities, including the Centers for Medicare and Medicaid Services, which reported that the PHI of about 645,000 current Medicare beneficiaries had been compromised by Maximus’ MOVEit incident.

Other large health data breaches recently listed on the HHS OCR website involving MOVEit hacks include reports filed by technology services firms:

  • Radius Global Solutions, with about 601,000 affected
  • Harris Center for Mental Health and Intellectual and Developmental Disabilities, with nearly 600,00 affected
  • Unum Group’s Starmount Life Insurance Co. subsidiary, with almost 532,000 affected.

If you have questions about IT security and the changing threat landscape, call ITPAC today.