In, what is being called the biggest data leaks, hackers have been able to exploit the data of over over 10 million individuals by targeting tech giant IBM through the MOVEit file transfer vulnerability.
The IBM cyber attack caused major healthcare and government agencies across the US to fall victim to a series of data breaches.
These breaches, connected to a vulnerability in IBM’s MOVEit file transfer platform, have exposed sensitive personal and health information, impacting millions of individuals.
Among the victim companies, United Healthcare Services (UHS), a prominent healthcare provider, has recently disclosed a data breach that has compromised the personal information of nearly 400,000 individuals.
Although the specific details of the leaked information are not yet revealed, this IBM cyber attack has revealed a vulnerability that was already being used by hackers to target other organizations.
According to reports, the data of over 10 million people has been compromised in this IBM data breach. “In one of the biggest hacks or data leaks to have hit the US, healthcare and personal data of over 10 million people have been stolen by a group of hackers, targeting IBM”, stated a Firstpost report.
IBM cyber attack: Personal data leaked, multiple companies’ records at risk
Like a hacking spree capturing multiple victims, many big companies, organizations, and industries got impacted due to the IBM cyber attack.
This includes the Colorado Department of Health Care Policy and Financing (HCPF), which has also fallen victim to the IBM data breach, reportedly linked to the MOVEit file transfer data breach.
The IBM data breach exposed 4 million patient records from the Colorado Department of Health Care Policy and Financing (HCPF), marking one of the biggest cyber attacks involving the MOVEit vulnerability exploitation.
The Colorado Department of Health Care Policy and Financing (HCPF) confirmed the IBM cyber attack on Friday and stated that they had fallen victim to the MOVEit vulnerability exploitation.
In a notice sent to the Maine residents, the Colorado Department of Health Care Policy & Financing stated, “While HCPF confirmed that no other HCPF systems or databases were impacted, on June 13, 2023, the investigation identified that certain HCPF files on the MOVEit application used by IBM were accessed by the unauthorized actor on or about May 28, 2023. These files contained certain Health First Colorado and CHP+ members’ information.”
Responding to an inquiry by The Cyber Express about the IBM cyber attack, a representative from the company said, “IBM has worked closely with the Colorado Department of Health Care Policy and Financing (HCPF) and the Missouri Department of Social Services to determine and minimize the impact of the breach of MOVEit Transfer, a non-IBM data transfer program provided by Progress Software.
“Upon receiving notification of the breach from Progress, we moved quickly to isolate potentially impacted systems and have implemented a thorough mitigation plan. There has been no impact to IBM systems,” they added.
Following the Colorado Department of Health Care Policy & Financing confirmed the cyber attack, Augusta Maine Fire Rescue also fell victim to the IBM data breach.
EMS Management Consultants, an emergency medical services support provider that handles billing for Augusta Maine Fire Rescue, also got caught in the IBM cyber attack, resulting in the theft of patient data.
The breach exposed sensitive information such as patient names, Social Security numbers, dates of birth, and billing codes.
The company has confirmed the IBM cyber attack via a notice and said it would send notification letters to all the affected parties and individuals. “All individuals who were directly affected will receive a mailed notification from the company EMS Management Consultants,” officials said in a press release.
Following the trails of the IBM cyber attack, another incident involving Medicaid resulted in the data left linked to the same MOVEit vulnerability.
Over 744,000 individuals enrolled in Medicaid have had their data exposed, including names, addresses, Medicaid numbers, and Social Security numbers.
Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.
