Missouri’s Department of Social Services shared a data breach notification since this week, informing about a ransomware actor gaining access to the protected Medicaid data held by the agency.
The notification explains the cause of the breach is through the MOVEit Transfer attack, which also hit IBM, which serves Missouri’s DSS. While an investigation is ongoing to surface more details, DSS said the leaked details include the patient’s name, department client number(DCN), date of birth, possible benefit eligibility status or coverage and medical claims information.
Patient Data Leaked in Ransomware Attack
Clop ransomware, the gang behind the MOVEit Transfer supply chain attack, is having the time of their life. The threat actor exploited the vulnerability, tracked as CVE-2023-34362 in late May and gained access to hundreds of companies worldwide. Some of them include sensitive organizations like federal government agencies and medical institutions.
All the affected organizations are gradually showing up with data breach notifications, with the latest one in this series being Missouri’s Department of Social Services. The government agency this week shared a notification confirming the data breach incident resulting from the MOVEit Transfer attack on it’s vendor, IBM.
IBM provides Medicaid services to DSS, so an attack on IBM infrastructure affects all the patient data and this is precisely what happened, as noted by Missouri DSS in it’s notification. The agency said the indirect attack may have leaked the individual’s name, department client number(DCN), date of birth, possible benefit eligibility status or coverage and medical claims information.
As they continue to investigate the incident, the agency told BleepingComputer that only two social security numbers were exposed in this incident and no banking information was involved! But due to the scope of the attack, DSS is sending out notifications to all Missouri Medicaid participants who enrolled back in May of 2023 and suggested that individuals freeze their credit to prevent potential hacks.
Other Trending News:- News