Written by : Trishti Pariwal
August 17, 2023
In the San Francisco, the hackers stolen millions of Americans private medical and health information data by using MOVEit software. Due to this health data breach, many users got affected and the platform has been shut down.
The US authorities revealed that hackers stole millions of Americans' private medical and health information data using a zero-day flaw in the file-transfer program MOVEit. The Colorado Department of Health Care Policy and Financing (HCPF) said that almost 4 million patients' information has been revealed by the software. They added that major IT firms such as IBM use the MOVEit application to transfer HCPF data files during regular business.'¯
Name, social security number, medical data, and health insurance information are among the data that may have been accessible without authorisation. The HCPF accepted that nearly 4.1 million individuals are affected due to this issue. IBM has not publicly confirmed that all the information in HCPF was affected by the MOVEit mass hacks.
It is said by the department that IBM signed a contract with HCPF as a third-party vendor. A cybersecurity event that affected many users worldwide, including IBM, was officially disclosed by Progress Software as the cause of the MOVEit issue. This problem caused no impact on either HCPF or the state of Colorado systems.
The Colorado Department began an investigation when IBM informed HCPF that it had been impacted by the MOVEit issue. This aids in figuring out whether the incident affected its own systems or whether CHP+ or Health First Colorado members had their protected health information accessed by an unauthorised person.
The department states that an unauthorised actor accessed some HCPF files on IBM's MOVEit application. These files included details about specific Health First Colorado and CHP+ members.
'œA weakness in MOVEit Transfer was used by hackers to gain access to the protected health information of 8 to 11 million people', Maximus, a US government services contracting company, confirmed in July.
Maximus is a contractor that oversees and controls student loan servicing as well as initiatives supported by the federal, state, and municipal governments.
The MOVEit mass hacking is believed to be the largest healthcare data breach and the most serious of the year.
The US Securities and Exchange Commission (SEC) filing mentioned that the maximum data disclosed was taken via a zero-day vulnerability in the MOVEit file transfer program.
AIIMS Delhi also suffered a major malware attack on its hospital services platform in the past. The cyber-security department of the organisation detected a malware attack at 1450 hrs. The data breach attempt was stopped, and the threat was eliminated by the installed cyber-security systems. This is because the government denied any health theft information from AIIMS. The Ministry of Health and Family Welfare (MoHFW) stated that the cyber-attack on servers originated in China.