Four million health records exposed in Colorado data breach

Share post:

The Colorado Department of Health Care Policy and Financing (HCPF) has suffered a data breach that impacted the personal and health information of four million individuals.

The breach was caused by a vulnerability in the MOVEit managed file transfer application, which is used by IBM to move data for HCPF.

The investigation into the breach determined that threat actors accessed sensitive data, including full names, Social Security numbers, Medicaid ID numbers, Medicare ID numbers, dates of birth, home addresses, and other contact information. However, financial information such as credit card numbers was not exposed.

HCPF is offering potentially impacted individuals two years of free credit monitoring and identity restoration services. The agency is also reviewing its cybersecurity policies and practices to prevent similar data breaches in the future.

This is the latest in a series of data breaches that have impacted Colorado organizations. In 2022, the Colorado Department of Higher Education suffered a ransomware attack that exposed the personal information of current and former students and educators. And in 2021, Colorado State University disclosed a data breach that exposed the personal information of students, faculty, and staff.

Previous victims of the MOVEit data breach include the U.S. Department of Energy, Schneider Electric, Siemens Energy, Shell, Louisiana’s Office of Motor Vehicles, Norton’s parent company Gen Digital, and German Banks Deutsche Bank AG, Commerzbank, and ING.

The sources for this piece include an article in CPOMAGAZINE.


Related articles

Cyber Security Today, June 12, 2024 – More Snowflake storage victims found, Microsoft issues new Windows patches,

More Snowflake storage victims found, Microsoft issues new Windows patches, and more. Welcome to Cyber Security Today. It's Wednesday,...

Former OpenAI employee alleges plan for AGI bidding war

In a recent interview, former OpenAI safety researcher Leopold Aschenbrenner made startling claims about his ex-employer's strategy regarding...

Malicious code in millions of installs traced to Microsoft Visual Studio

A group of Israeli researchers found thousands of potentially harmful extensions on the Visual Studio Code (VSCode) Marketplace,...

Cyber Security Today, June 10, 2024 – Microsoft backs down on Recall

Microsoft backs down on Recall. Welcome to Cyber Security Today. It's Monday, June 10th, 2024. I'm Howard Solomon, contributing...

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways