Data Breach

Colorado HCPF Department notifies 4 million individuals after IBM MOVEit breach

The Colorado Department of Health Care Policy & Financing (HCPF) disclose a data breach after MOVEit attack on IBM.

The Colorado Department of Health Care Policy & Financing (HCPF) disclosed a data breach that impacted more than four million individuals.

The incident is the result of a MOVEit attack on IBM, threat actors accessed the personal and health information of the impacted individuals.

“After IBM notified HCPF that it was impacted by the MOVEit incident, HCPF launched an investigation
right away to understand whether the incident impacted its own systems, and to determine whether Health First Colorado or CHP+ members’ protected health information was accessed by an unauthorized party.” reads the reads the notice. by the company. “While HCPF confirmed that no other HCPF systems or databases were impacted, on June 13, 2023, the investigation identified that certain HCPF files on the MOVEit application used by IBM were accessed by the unauthorized actor on or about May 28, 2023. These files contained certain Health First Colorado and CHP+ members’ information.”

Information potentially exposed includes full name, Social Security number, Medicaid ID number, Medicare ID number, date of birth, home address and other contact information, demographic or income information, clinical and medical information (such as diagnosis/condition, lab results, medication, or other treatment information), and health insurance information.

Threat actors can exploit this data to carry out a broad range of fraudulent activities, from phishing attacks to identity theft.

The Colorado Department of Health Care Policy & Financing (HCPF) is a state government agency in the U.S. state of Colorado. It is responsible for managing and overseeing various health care programs and policies within the state. HCPF’s primary focus is on providing access to affordable and quality healthcare services for eligible individuals and families.

Once discovered the security breach, HCPF quickly launched an investigation into the incident. The company pointed out that its systems were impacted, it also added to have identified potentially affected individuals. In response to the incident, the company is reviewing policies, procedures and cybersecurity safeguards to enhance the cyber security of its systems.

HCPF is providing access to credit monitoring services for twenty-four months, through Experian, to impacted individuals along with guidance on how to better protect against identity theft and fraud.

Colorado HCPF is the last victim of the attacks exploiting the flaw CVE-2023-34362 affecting the Progress Software’s MOVEit file transfer platform.

MOVEit Transfer is a managed file transfer that is used by enterprises to securely transfer files using SFTP, SCP, and HTTP-based uploads.

The vulnerability is a SQL injection vulnerability, it can be exploited by an unauthenticated attacker to gain unauthorized access to MOVEit Transfer’s database.

A few days after the release of Progress’s advisory, the Clop ransomware gang (aka Lace Tempest) was credited by Microsoft for the recent campaign that exploits a zero-day vulnerability, tracked as CVE-2023-34362, in the MOVEit Transfer platform.

The Clop ransomware group claimed to have hacked hundreds of companies globally by exploiting MOVEit Transfer vulnerability. The list of victims of ransomware attacks exploiting the MOVEit Transfer zero-day includes the U.S. Department of EnergyBritish AirwaysBoots, the BBC, Aer Lingus, OfcomShell, University of Rochester, Schneider Electric, Siemens Energy, and Gen Digital.

The US State Department offered a $10 million reward for any information which would link members of the Cl0p ransomware gang to a foreign government.

In June a ransomware attack hit the Colorado Department of Higher Education (CDHE), now the organization disclosed a data breach. CDHE did not disclose the number of impacted individuals.

CDHE discovered the ransomware attack on June 19, 2023, it immediately launched an investigation into the security breach with the help of third-party specialists.

In early August, The Colorado Department of Higher Education (CDHE) finally disclosed a data breach impacting students, past students, and teachers after the June attack.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, OT)

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.

Recent Posts

DORA Compliance Strategy for Business Leaders

In January 2025, European financial and insurance institutions, their business partners and providers, must comply…

1 hour ago

CISA adds Android Pixel, Microsoft Windows, Progress Telerik Report Server bugs to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Android Pixel, Microsoft Windows, Progress Telerik Report…

9 hours ago

City of Cleveland still working to fully restore systems impacted by a cyber attack

Early this week, the City of Cleveland suffered a cyber attack that impacted multiple services.…

14 hours ago

Two Ukrainians accused of spreading Russian propaganda and hack soldiers’ phones

Ukraine’s security service (SBU) detained two individuals accused of supporting Russian intelligence in spreading propaganda…

14 hours ago

Google fixed an actively exploited zero-day in the Pixel Firmware

Google is warning of a security vulnerability impacting its Pixel Firmware that has been actively…

1 day ago

Multiple flaws in Fortinet FortiOS fixed

Fortinet released security updates to address multiple vulnerabilities in FortiOS, including a high-severity code execution…

1 day ago

This website uses cookies.