Hackers have targeted the file transfer platform MOVEit, impacting a massive 67 million individuals across multiple countries. The latest victims of this data breach are the Texas Medicaid recipients, who had their information compromised through the platform. UMass Chan Medical School, which used MOVEit to transfer files related to services provided by the Texas Health and Human Services Commission (HHSC), announced the breach on Thursday.
The hack was initially discovered in late May 2023, but it wasn’t until August 17 that files containing the names and Social Security numbers of Texans who received HHSC services were identified. Upon this discovery, UMass Chan promptly alerted the HHSC. However, the press release did not specify the exact number of individuals impacted by the breach. Those concerned about their data can contact UMass Chan directly to ascertain whether they were affected.
This cyberattack on MOVEit has far-reaching consequences, affecting more than 2,500 organizations and a staggering 67 million people. Among the affected organizations, Maximus, a federal contractor that collaborates with Medicaid, experienced the largest impact, with 11 million individuals affected. Other organizations affected include the Louisiana Office of Motor Vehicles, the Colorado Department of Health Care Policy and Financing, and the Oregon Department of Transportation.
Texas HHSC contractor Maximus sent out notifications to affected Texans in September, shedding light on the extent of the breach. According to a filing with the Office of the Attorney General, nearly 88,500 individuals in Texas were affected by the MOVEit breach. This incident serves as a reminder that cyberattacks are increasingly common, with hackers targeting various sectors indiscriminately.
In a separate recent incident, ransomware group Play claimed to have hacked into Dallas County’s network and shared some of the stolen information on the dark web. Dallas County officials are currently investigating the compromised files to determine the potential exposure of personal information belonging to employees or residents. Earlier this year, approximately 819,000 files were stolen in a ransomware attack on the city of Dallas.
Authorities are taking steps to address these cybersecurity threats. Starting from September 1, a new law in Texas requires businesses to notify the attorney general within 30 days if a breach involves the sensitive information of at least 250 people. This is a significant change from the previous requirement of 60 days.
Overall, this latest data breach highlights the need for organizations to prioritize cybersecurity and take proactive measures to protect sensitive information. These incidents serve as a wake-up call for both individuals and businesses to remain vigilant and invest in robust cybersecurity measures to prevent and mitigate the impact of future attacks.
