Business
US government contractor says MOVEit hackers accessed health data of ‘at least’ 8 million individuals
U.S. government services contracting giant Maximus has confirmed that hackers exploiting a vulnerability in MOVEit Transfer accessed the protected health information of as many as 11 million individuals.
Virginia-based Maximus contracts with federal, state, and local governments to manage and administer government-sponsored programs, such as Medicaid, Medicare, healthcare reform, and welfare-to-work.
In an 8-K filing on Wednesday, Maximus confirmed that the personal information of a “significant number” of individuals was accessed by hackers exploiting a zero-day vulnerability in MOVEit Transfer, which the organization uses to “share data with government customers pertaining to individuals who participate in various government programs.”
While Maximus hasn’t yet been able to confirm the exact number of individuals impacted — something the company expects to take “several more weeks” — the organization said it believes hackers accessed the personal data, including Social Security numbers and protected health information, of “at least” 8 to 11 million individuals. If the latter, this would make the breach the largest breach of healthcare data this year — and the most significant data breach reported as a result of the MOVEit mass-hacks.
Maximus has not confirmed what specific types of health data were accessed and has not responded to TechCrunch’s questions. In its 8-K filing, the company said it had began notifying impacted customers and federal and state regulators, adding that it expects the security incident to cost approximately $15 million to investigate and remediate.
Clop, the Russia-linked data extortion group responsible for the MOVEit mass-hacks, claims to have stolen 169 gigabytes of data from Maximus, which it has not yet published.
Maximus is one of just hundreds of organizations impacted by the MOVEit Transfer hacks to appear on Clop’s dark web leak site. This week alone, the ransomware group added a number of new victims, including accountancy giant Deloitte, and global sports betting provider Flutter, which owns Fox Bets and Poker Stars.
In a statement given to TechCrunch, Deloitte spokesperson Sutton Meagher said that the company’s analysis of the incident “determined that our global network use of the vulnerable MOVEit Transfer software is limited,” adding that the company has “seen no evidence of impact to client data.”
Clop also recently listed accountancy firms PwC and Ernst & Young as its latest victims.
Flutter spokesperson Robert Allan told TechCrunch that the Dublin-headquartered organization “has been impacted” by the MOVEit mass-hacks and has “notified affected employees and customers.” Flutter, which claims to provide services to more than 18 million customers globally, declined to say how many individuals had been impacted or what types of data had been accessed.
Clop also this week listed Pensions Benefit Information, which provides pension plan management services to various industries. The organization has confirmed it was breached in a brief statement on its website but hasn’t said how many individuals have been impacted. Four of the organization’s clients — including CalPERS, CalSTRS, Genworth Financial, and Wilton Reassurance — have disclosed that the data of more than 4.75 million people had been accessed.
According to the latest figures from cybersecurity company Emsisoft, more than 500 organizations have so far been impacted by the MOVEit mass-hacks, exposing the personal information of more than 34.5 million people.
-
Entertainment7 days ago
Earth’s mini moon could be a chunk of the big moon, scientists say
-
Entertainment7 days ago
The space station is leaking. Why it hasn’t imperiled the mission.
-
Entertainment6 days ago
‘Dune: Prophecy’ review: The Bene Gesserit shine in this sci-fi showstopper
-
Entertainment5 days ago
Black Friday 2024: The greatest early deals in Australia – live now
-
Entertainment4 days ago
How to watch ‘Smile 2’ at home: When is it streaming?
-
Entertainment3 days ago
‘Wicked’ review: Ariana Grande and Cynthia Erivo aspire to movie musical magic
-
Entertainment2 days ago
A24 is selling chocolate now. But what would their films actually taste like?
-
Entertainment3 days ago
New teen video-viewing guidelines: What you should know