Health data of more than 134,000 individuals was involved in a recent MOVEit data breach, Massachusetts officials have warned.
UMass Chan Medical School (UMass Chan) began notifying over 134,000 individuals on Tuesday currently or previously enrolled in certain state programs that their personal information was involved in a third-party data security incident.
Impacted individuals have been notified by mail and will be contacted by phone, text, and e-mail where possible.
"Any individual who receives a notice is encouraged to take steps to protect their information, including monitoring their financial account statements and enrolling in free credit monitoring and identity theft protection offered to individuals who had certain sensitive information involved," officials said in a statement.
The information involved in the breach included names and one or more of the following:
- Dates of birth
- Mailing addresses
- Protected health information, i.e., diagnosis/treatment information, prescription information, provider names, dates of service, claims information, health insurance member ID numbers, and other health insurance-related information
- Social Security numbers
- Financial account information
The data breach is part of a worldwide data security incident involving a file-transfer software program called MOVEit. The attacks compromised data at more than 600 organizations worldwide, including state and federal government agencies and financial services firms, according to Reuters.
The Johns Hopkins University (JHU) and Johns Hopkins Health System (JHHS) have also confirmed being affected by the incident.
The data breach by Russia-linked ransomware syndicate Cl0p, Cybernews reports. The bug affected the transfer servers and allowed criminals to access and download the data stored there.
Having medical data stolen may result in falling victim to a scam or experiencing identity theft. Although it’s primarily the responsibility of healthcare institutions to protect sensitive information, victims of data loss should change passwords on their accounts, avoid easily guessable passwords, and use multifactor authentication, experts say.
- Massachusetts Government. Massachusetts residents’ data involved in MOVEit global security incident.
- Reuters. Analysis: MOVEit hack spawned over 600 breaches but is not done yet.
- Cybernews. John Hopkins confirms MOVEit breach.