hinoshiba / news

1 stars 0 forks source link

[DataBreaches] Health data of more than 8 million people accessed by MOVEit hackers: US govt contractor #1796

Closed hinoshiba closed 1 year ago

hinoshiba commented 1 year ago

In what may be the largest health data breach reported so far in 2023, a government contractor affected by the MOVEit breach disclosed the breach in an SEC filing.  ANS reports: Maximus, a US government services contracting company, has confirmed that hackers exploited a vulnerability in MOVEit Transfer to access the protected health information of 8 to 11 million individuals. Maximus is a contractor that manages and administers federal and local government-sponsored programmes, as well as student loan servicing. The breach is believed to be the largest healthcare data breach of the year, as well as the most serious to result from the MOVEit mass-hackings. Read more at DaijiiWorld The relevant section of Maximus’ SEC filing of July 26 reads: Item 8.01    Other Events On May 31, 2023, Progress Software Corporation, the developer of MOVEit (“MOVEit”), a file transfer application used by many organizations to transfer data, announced a critical zero-day vulnerability in the application that allowed unauthorized third parties to access its customers’ MOVEit environments. It appears that a significant number of commercial and government customers worldwide were affected by this vulnerability. Maximus, Inc. (“Maximus” or the “Company”) uses MOVEit for internal and external file sharing purposes, including to share data with government customers pertaining to individuals who participate in various government programs. The Company believes that the personal information of a significant number of individuals was accessed by an unauthorized third party by exploiting this MOVEit vulnerability. The Company is cooperating with law enforcement regarding this cybersecurity incident. Maximus promptly commenced an investigation of the incident with the assistance of outside legal, forensic and data analytics experts and has taken remedial steps to address the reported vulnerabilities. The Company’s forensic expert has completed the forensic aspects of the investigation, which has identified the files impacted by the cybersecurity incident. The Company’s review of these files is ongoing. At present, there is no indication that the incident has had any impact on the internal information technology systems of the Company or its customers beyond the MOVEit environment, and there has been no material interruption to the Company’s business operations due to the incident. Based on the review of impacted files to date, the Company believes those files contain personal information, including social security numbers, protected health information and/or other personal information, of at least 8 to 11 million individuals to whom the Company anticipates providing notice of the incident. The Company has been notifying its customers as well as federal and state regulators, and it will provide appropriate notifications to individuals affected by this incident. In addition, individuals receiving notice will be offered free credit monitoring and identity restoration services. Maximus currently plans to record an expense of approximately $15 million for the quarter ended June 30, 2023 representing the Company’s best estimate of the total investigation and remediation activities to be incurred related to the incident. The information provided in this Current Report on Form 8-K, including the estimated number of impacted individuals and estimated expenses, is preliminary and is based on currently available information and is subject to change during the course of the Company’s ongoing investigation of the cybersecurity incident. The Company’s review of impacted files is ongoing, and the Company is unable to predict the total number of impacted individuals who will receive notice of the incident until that review is completed, which we expect will not be for several more weeks. The Company is also unable to predict other potential liabilities or consequences that may arise from this incident. As the investigation progresses, additional information may become available that could cause the Company’s estimates and preliminary determinations to change.

https://www.databreaches.net/health-data-of-more-than-8-million-people-accessed-by-moveit-hackers-us-govt-contractor/

hinoshiba commented 1 year ago

This issue is stale because it has been open 1 day with no activity. Remove stale label or comment or this will be closed in 1 day.

hinoshiba commented 1 year ago

This issue was closed because it has been stale with no activity.