Colorado health department adds 95k individuals to its list of MOVEit hack victims

The Colorado Department of Health Care Policy and Financing says a data breach it suffered due to the exploitation of a zero-day vulnerability in the MOVEit Transfer web application impacted 95,000 more people than it initially estimated.

In August, the Colorado Department of Health Care Policy and Financing (HCPF) said that one of its vendors, IBM, suffered a significant data breach following the exploitation of a zero-day vulnerability in the MOVEit Transfer web application by the Clop ransomware gang. IBM used the application to send and receive HCPF files as a “normal course of business.”

Soon after IBM notified HCPF about the security incident on May 31, the department launched an investigation to understand the scope of the same.

“While HCPF confirmed that no other HCPF systems or databases were impacted, on June 13, 2023, the investigation identified that certain HCPF files on the MOVEit application used by IBM were accessed by the unauthorised actor on or about May 28, 2023. These files contained certain Health First Colorado and CHP+ members’ information,” HCPF said.

The compromised information included names, social security numbers, medical information, and health insurance information. The department has clarified that “no HCPF or State of Colorado systems were affected by this issue.” The filing with the Attorney General’s Office also confirmed that at least 4,091,794 individuals were impacted by the data breach.

In a separate filing with the Office of the Maine Attorney General last week, HCPF revised the number of affected parties, stating that at least 4,187,732 individuals were impacted by the security incident.

From August 11, HCPF has started notifying all affected individuals about the security incident and is providing them with two years of complimentary credit monitoring and identity theft restoration services through Experian.

As of today, almost 2,250 organisations worldwide have suffered significant data breaches as a result of the Clop ransomware group exploiting vulnerabilities in Progress Software’s MOVEit Transfer web application.

According to German cybersecurity research firm KonBriefing, as of October 6, at least 2,247 organisations have come forward about security incidents resulting from the exploitation of the software and at least 67.2 million individuals have been impacted by the same.