Colorado Department of Health Policy and Financing (HCPF)

History

2023: One of the Largest American Medical Data Leaks

On August 11, 2023, the Colorado Department of Health Policy and Financing (HCPF) reported one of the largest leaks of American medical data. At the disposal of cybercriminals was confidential information about more than 4 million patients.

As the investigation showed, the hacker attack did not affect any of the information infrastructures of the HCPF or the government of Colorado. Instead, attackers attacked IBM, whose systems are used by government organizations. Attackers took advantage of the zero-day vulnerability in the MOVEit Transfer software developed by Ipswitch (a subsidiary of Progress Software). The application, designed for the confidential transfer of various files, is used by many companies around the world, including IBM.

Hackers attacked IBM and obtained information about more than 4 million patients

About 4.1 million people were affected by the cyber attack, according to HCPF. Criminals stole an extensive set of personal data: these are full names of patients, dates of birth, home addresses, Social Security numbers, Medicaid and Medicare identification numbers, income information, clinical and medical information (including laboratory results and prescribed drugs), health insurance information.

The IBM hack also affected the Missouri Department of Human Services (DSS), although the number of IBM is unknown. The department says that in the hands of hackers could be such information as the names of people, dates of birth, information about medical applications, benefits and insurance. At the same time, the DSS emphasizes that the performance of any computer systems of the department during a hacker attack was not violated. IBM does not comment on the situation.^[1]

Notes