Hackers accessed the private health data of over eight million Americans on May 31, a report by a U.S. government services contractor confirms.
The contractor Maximus has not confirmed what sort of health data was accessed, nor the exact amount of individuals’ health data, according to Tech Crunch. The hacking group Clop, a Russian data extortion group, claims to have stolen 169 gigabytes of data it has yet to release, the report continued. Clop had previously taken advantage of the same MOVEit system, resulting in over 15 million victims.
The contractor Maximus filed a 8-K form that outlined the software that was hacked and the outcome of the cyberbreach.
“On May 31, 2023, Progress Software Corporation, the developer of MOVEit (‘MOVEit’), a file transfer application used by many organizations to transfer data, announced a critical zero-day vulnerability in the application that allowed unauthorized third parties to access its customers’ MOVEit environments,” the form reads. “Based on the review of impacted files to date, the Company believes those files contain personal information, including social security numbers, protected health information and/or other personal information, of at least 8 to 11 million individuals to whom the Company anticipates providing notice of the incident.”
🌐 This Is CLOP day. CLOP #ransomware team added 54 new victims related to the MoveIt hack 🚨
— DarkFeed (@ido_cohen2) July 26, 2023
Private information in programs such as Medicaid and Medicare are implicated in the breach, continuing a string of hacks of government databases. Specific information that was likely accessed includes “social security numbers, protected health information and/or other personal information,” according to the 8-K filing. (Related: Furry Hackers Steal City Government Data)
“The Company has been notifying its customers as well as federal and state regulators, and it will provide appropriate notifications to individuals affected by this incident,” the form said.
Progress Software is expected to spend over $15 million on an investigation into the matter, but that is subject to change as the investigation is ongoing, according to the 8-K. People notified of and affected by the breach will also be offered “free credit monitoring and identity restoration services,” for the time being.