Four million health records exposed in Colorado data breach

Share post:

The Colorado Department of Health Care Policy and Financing (HCPF) has suffered a data breach that impacted the personal and health information of four million individuals.

The breach was caused by a vulnerability in the MOVEit managed file transfer application, which is used by IBM to move data for HCPF.

The investigation into the breach determined that threat actors accessed sensitive data, including full names, Social Security numbers, Medicaid ID numbers, Medicare ID numbers, dates of birth, home addresses, and other contact information. However, financial information such as credit card numbers was not exposed.

HCPF is offering potentially impacted individuals two years of free credit monitoring and identity restoration services. The agency is also reviewing its cybersecurity policies and practices to prevent similar data breaches in the future.

This is the latest in a series of data breaches that have impacted Colorado organizations. In 2022, the Colorado Department of Higher Education suffered a ransomware attack that exposed the personal information of current and former students and educators. And in 2021, Colorado State University disclosed a data breach that exposed the personal information of students, faculty, and staff.

Previous victims of the MOVEit data breach include the U.S. Department of Energy, Schneider Electric, Siemens Energy, Shell, Louisiana’s Office of Motor Vehicles, Norton’s parent company Gen Digital, and German Banks Deutsche Bank AG, Commerzbank, and ING.

The sources for this piece include an article in CPOMAGAZINE.

Featured Tech Jobs


Related articles

Liberals to add ‘fundamental right to privacy’ to proposed law, but no details yet

As committee hearing start the Innovation minister promises changes to privacy law to meet complaints. Details to fo

Cyber Security Today, Sept. 27 2023 – Hackers are targeting luxury hotels, a Red Cross scam and more

This episode reports on phishing campaigns against the hospitality sector, a new ransomware operato

Ransomware attacks on U.S. public sector at record high

Ransomware attacks on the U.S. public sector are on track to reach record levels in 2023, with both...

APT hacking group AtlasCross targets organizations

A new advanced persistent threat (APT) hacking group named AtlasCross has been discovered targeting organizations with phishing lures...

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways