Hackers exploit IBM to steal millions of people’s healthcare and personal data in US cyberattack.
Healthcare and personal data of over 10 million people were stolen by hackers targeting IBM in one of the largest US data breaches. The hackers exploited a vulnerability in IBM’s popular MOVEit file transfer software.
Hackers found a way into IBM’s MOVEit file transfer software, which is used by millions of people in the US, and stole the private medical information of over a million people.
The people in charge of Colorado’s Medicaid programme, the Colorado Department of Health Care Policy and Financing (HCPF), were hit hard, and more than 4 million patient records were made public as a result.
Hackers Try to Hurt IBM.
Table of Contents
HCPF had to tell the people whose information was stolen that IBM, one of their vendors, was using MOVEit to move HCPF’s files around. But the bad guys did get into some HCPF files on the MOVEit app that IBM was using. They didn’t mess with HCPF or Colorado government systems.
And here’s what was in those files: full names, birthdays, addresses, Social Security numbers, Medicaid and Medicare ID numbers, information about money, medical information like lab results and medications, and information about health insurance.
About 4.1 million people were affected by this mess as a whole.
Hackers didn’t hurt the network; all they did was steal information.
This attack on IBM’s MOVEit systems also reached Missouri’s Department of Social Services (DSS), which affected a lot of people. More than 6 million people live in Missouri.
DSS made it clear that this data breach didn’t directly affect their systems, but it did affect the information they had. So, names, client numbers, birthdates, information about benefits, and information about medical claims could have been taken.
Surprisingly, neither HCPF nor DSS show up on the dark web, where the Clop ransomware gang brags about their hacks. “Government data” is what those hackers are all about, but these two aren’t on the list.
Another government office was hacked.
Right after all this chaos, ransomware also hit the Department of Higher Education there. Hackers now have information from the past 16 years. Last month, Colorado State University got into a mess with MOVEit, which affected a lot of students and employees.
The MOVEit hacks affected PH Tech, which handles data for several health insurance companies. They say that the health information of 1.7 million people in Oregon was stolen.
But HCA Healthcare had the biggest breach this year, which had nothing to do with MOVEit. They accidentally left the door open for hackers, and the names, addresses, and appointment times of 11,2 million people walked right in.