MOVEit Breach Exposes Medicaid Data in Missouri
The Missouri Department of Social Services (DSS) has issued a warning regarding a significant data breach involving Medicaid healthcare information. This breach comes as part of a series of attacks orchestrated by the Cl0p ransomware gang, with reports indicating that the gang stands to gain $75-100 million from its nefarious activities.
The breach targeted MOVEit file transfer software, a popular third-party tool used by the DSS. A zero-day vulnerability in the software, labeled CVE-2023-34362, was used to gain access to the sensitive health information of Medicaid participants. This vulnerability has been used to impact over 600 entities worldwide, spanning various industries and government agencies.
In a data breach notice posted last week, the Missouri Department of Social Services (DSS) revealed that although the security breach did not directly affect DSS systems, it did compromise data under the jurisdiction of DSS.
Patient information, including names, Department Client Numbers (DCNs), dates of birth, benefit eligibility status, coverage details, and medical claims, were accessed by unauthorized actors. The DSS emphasized that immediate actions have been taken to mitigate the impact and that investigations are ongoing.
The DSS is just the latest victim of many in a significant wave of data theft exploiting the MOVEit vulnerability. In Oregon, around 1.7 million residents' health information was compromised due to the MOVEit hacks. The Louisiana and Oregon Department of Motor Vehicles also fell victim to the same attacks, resulting in the theft of millions of state IDs.
The Cl0p ransomware gang's tactics have wreaked havoc globally, drawing attention to the vulnerabilities present in critical systems. IBM, the provider of MOVEit services, has taken steps to mitigate the impact of the breach and has ceased interaction with the affected systems.
As investigations continue, authorities recommend that affected individuals take measures to safeguard their financial security. Freezing credit and monitoring credit reports for suspicious activity are steps that can help mitigate the potential repercussions stemming from these significant breaches.