Massachusetts health officials warn of data breach involving more than 134K people
State health officials say ‘worldwide data security incident’ linked to MOVEit
Health officials in Massachusetts are warning that more than 134,000 people may have had their personal and medical information stolen as part of a "worldwide data security incident" involving the file-transfer program MOVEit.
The Executive Office of Health and Human Services (EOHHS) said UMass Chan Medical School in Worcester, which provides services to the agency, has started notifying affected individuals "currently or previously enrolled in certain state programs."
Data that the EOHHS said may have been subject to "unauthorized acquisition" include names, dates of birth, mailing addresses, Social Security numbers, financial information and protected health information such as "diagnosis/treatment information, prescription information, provider names, dates of service, claims information, health insurance member ID numbers, and other health insurance related information."
The amount of information involved in the incident varies by person, it added.
US GOVERNMENT AGENCIES HIT BY CYBERATTACK
"This incident was part of a worldwide data security incident involving a file-transfer software program called MOVEit, which has impacted state and federal government agencies, financial services firms, pension funds, and many other types of companies and not-for-profit organizations," it said. "No UMass Chan or state systems were compromised in this incident."
"Any individual who receives a notice is encouraged to take steps to protect their information, including monitoring their financial account statements and enrolling in free credit monitoring and identity theft protection offered to individuals who had certain sensitive information involved," it added.
The office said when UMass Chan learned about the vulnerability on June 1, it immediately fixed it, contacted law enforcement and launched an investigation.
MASSIVE CYBERATTACK STRIKES MILLIONS: ARE YOU AT RISK?
"UMass Chan identified the files that may have been subject to unauthorized acquisition as a result of the MOVEit security flaw," it also said. "On July 27, 2023, UMass Chan determined that some of these files contained information pertaining to individuals who received services from EOHHS."
The state of Massachusetts says on its website that "MOVEit is a file transfer software program licensed by a company called Progress Software" and it was "used to transfer files as part of the services provided by UMass to certain EOHHS agencies and programs."
In June, Fox News Digital reported that several U.S. government agencies have been impacted by the vulnerability in the software program as well.
CLICK HERE TO GET THE FOX NEWS APP
The U.S. Cybersecurity and Infrastructure Security Agency is now working to determine the origin of the attack and what may have been stolen.
FOX Business' Anders Hagstrom contributed to this report.