Powered by MOMENTUM MEDIA
cyber daily logo
Breaking news and updates daily. Subscribe to our Newsletter

Over 3m US federal agency clients affected in latest MOVEit breach disclosure

US federal agency Centers for Medicare & Medicaid Services has disclosed that over 3 million people have had their personal and health data exposed as a result of the major MOVEit supply chain attack.

user icon Daniel Croft
Wed, 25 Sep 2024
Over 3m US federal agency clients affected in latest MOVEit breach disclosure
expand image

The attack, which first occurred in June last year, saw the Cl0p ransomware gang target a vulnerability in Progress Software’s MOVEit file transfer software, allowing it to exfiltrate data from a number of high-profile organisations such as the BBC, British Airways, PwC, Medibank, Shell, Estée Lauder, Deloitte, The University of Sydney, Transport for London and more.

US government and defence agencies were also affected, with over 632,000 defence and justice department emails being exposed. Eventually, Cl0p dumped all stolen data online.

Now, Centers for Medicare & Medicaid Services (CMS), a federal agency that acts under the Department of Health and Human Services (HHS) and is responsible for the country’s healthcare programs such as Medicare and Medicaid, has revealed that 3,112,815 health plan beneficiaries had been exposed in the attack.

============
============

The agency said it discovered that CMS files were compromised on 8 July 2024, adding that it was “notifying people whose protected health information or other personally identifiable information (PII) may have been compromised in connection with Medicare administrative services provided by WPS [Wisconsin Physicians Service]”.

WPS was reportedly a user of the MOVEit software but applied the Progress Software security updates released in early June 2023, and assumed that their systems were safe.

“The security incident may have impacted PII of Medicare beneficiaries that was collected in managing Medicare claims as well as PII collected to support CMS audits of healthcare providers that some individuals who are not Medicare beneficiaries have visited to receive health care services.”

CMS said that along with WPS, it is currently informing 946,801 current Medicare users whose personal data may have been exposed in the incident.

Data exposed in the breach includes names, social security numbers or individual taxpayer identification numbers, dates of birth, mailing addresses, gender, hospital account numbers, dates of services and Medicare Beneficiary Identifiers (MBI) and/or health insurance claim numbers.

In a mock-up of a letter sent to customers, CMS added that health plan beneficiaries are still free to use their existing Medicare cards, unless their MBI was potentially affected, in which case a new card will be shipped out. Until then, those affected should continue using their original Medicare card.

At the time of the incident, Cl0p said it would delete data belonging to healthcare organisations, government entities and hospitals, but this is unverifiable, and it is still possible that data of this nature has appeared on the dark web.

Daniel Croft

Daniel Croft

Born in the heart of Western Sydney, Daniel Croft is a passionate journalist with an understanding for and experience writing in the technology space. Having studied at Macquarie University, he joined Momentum Media in 2022, writing across a number of publications including Australian Aviation, Cyber Security Connect and Defence Connect. Outside of writing, Daniel has a keen interest in music, and spends his time playing in bands around Sydney.

newsletter
cyber daily subscribe
Be the first to hear the latest developments in the cyber industry.