Missouri Warns That Health Info Was Stolen in IBM MOVEit Data Breach

Cyber Security Threat Summary:
This week, the Missouri Department of Social Services (DSS) disclosed that Medicaid healthcare information was potentially exposed after IBM suffered a data breach. The attack was carried out by the Clop ransomware gang, which has been hacking vulnerable MOVEit Transfer servers worldwide by exploiting a SQL injection vulnerability (CVE-2023-34362) in the file transfer solution. According to the Department of social services, the attacks were initiated on May 27, with IBM notifying the department on June 2, 2023, stating that it has stopped using the Transfer application. IBM is currently conducting an investigation to determine the full scope of the attack, with DSS also examining the files that were saved in the MOVEit software application that were accessed by the hackers. Due to the size of the files and formatting of the files, DSS says it will take time to conduct a full analysis.

Security Officer Comments:
Although the attack did not impact any of DSS’s systems, with Medicaid participant information being stored on the MOVEit servers, the actors potentially accessed individual names, department client numbers, date of birth, possible benefit eligibility status or coverage, and medical claims information. With DSS currently conducting its investigation, the department is advising individuals to free their credit to prevent threat actors from opening new accounts or borrowing money under their name.

Suggested Correction(s):
With personally identifiable information being potentially exposed, impacted individuals should be on the lookout for identity theft and targeted phishing attacks, as well as monitor their credit reports for any unusual activity.