Several Healthcare Data Breaches Unfold From MOVEit Transfer Cyberattack

August 03, 2023 - In a recent string of cyberattacks involving the MOVEit Transfer system, Allegheny County has stood out as one of the largest affected, with a staggering 689,686 individuals data exposed.

These incidents were the result of a critical software vulnerability in MOVEit, which was exploited by a group of cybercriminals "Cl0p."

MOVEit, a popular file transfer tool owned by Progress Software, was found to have a flaw related to SQL injection. This allowed unauthorized actors to gain access to MOVEit Transfer’s database, leading to several attacks across different sectors. The criminal group Clop ransomware took interest in this vulnerability, and has claimed responsibility for many of these incidents.

The County became aware of the software vulnerability in MOVEit on June 1, 2023, and identified the period of exposure as between May 28 and May 29, 2023. The cybercriminals were able to access and download files belonging to the County during this time frame.

The data involved in the breach included sensitive personal information, such as Social Security numbers, dates of birth, driver’s license numbers, taxpayer identification numbers, and student identification numbers. Some individuals also had medical information exposed, including details of diagnoses, treatment types, admission dates, and health insurance information.

READ MORE: AI, Ransomware Remain Prevalent in Evolving Cybersecurity Landscape

Although Cl0p has indicated that its focus is on targeting businesses and that it would delete any data obtained from governments, the uncertainty surrounding the incident remains.

While the county has been informed that the data involved has been deleted, it continues to urge affected individuals to take measures to protect their personal information.

“As soon as the County became aware of the incident, the County took steps to secure its information, including by blocking access to and from the MOVEit server, and implemented security measures recommended by Progress Software to patch the vulnerability,” the data breach notification stated.

The County also engaged external cybersecurity experts to investigate the nature and scope of the incident, and conducted an extensive investigation to determine what information was involved.

UT Southwestern Medical Center Impacted by MOVEit Transfer Cyberattacks

UT Southwestern Medical Center (UTSW) in Dallas recently confirmed that the protected health information (PHI)  of 98,437 patients was compromised in a MOVEit Transfer cyberattack on the hospital's software.

READ MORE: White House Issues National Cybersecurity Strategy Implementation Plan

The breach, discovered on May 30, 2023, exposed sensitive patient data, including medical record numbers, birth dates, medication names and dosages, and prescribing provider names. A portion of the affected patients also had their Social Security numbers stolen. An investigation found that on May 28, an unknown individual exploited a previously unidentified vulnerability in the software, gaining unauthorized access to files within UTSW's MOVEit server.

Immediately after detecting the attack, UT Southwestern took action to secure its systems and limit accessibility to information within the MOVEit server. A team at the medical center then began identifying the individuals and the types of data affected, to facilitate notification to the impacted patients.

UT Southwestern is now in the process of reaching out to those affected by direct mail.

Harris Health Systems Caught in MOVEit Transfer Breach

Harris Health Systems has begun notifying nearly 224,700 patients of a MOVEit Tranfer data breach.

The breach was discovered on June 2, 2023, when it was found that unauthorized access to the MOVEit server had occurred on May 28, leading to certain files being downloaded.

READ MORE: Veterans Affairs OIG Finds Cybersecurity Deficiencies at AZ Health System

The downloaded files contained varying personal information including names, addresses, dates of birth, Social Security numbers, medical record numbers, immigration status, driver’s license numbers, health insurance details, and care-related information.

In response to the breach, Harris Health immediately secured the server, implemented security safeguards, and initiated an investigation with the assistance of cybersecurity experts. As part of its efforts to rectify the situation, Harris Health began notifying affected individuals on July 21, offering complimentary credit monitoring and identity theft protection to those whose Social Security numbers were involved.

MOVEit Transfer Breach Impacts John Hopkins All Children’s Hospital

Johns Hopkins All Children's Hospital is another victim in a series of cyberattacks linked to a vulnerability in Progress Software’s MOVEit Transfer software, according to Fox13News reporting.

The breach, which occurred within the larger Johns Hopkins Health System, took place on May 31, according to a spokesperson.

The compromised data might include information relating to employees, students, and patients, although hospital officials have indicated that electronic personal health records do not appear to have been affected.

The investigation into the incident is still in progress, and both law enforcement and the hospital's cybersecurity teams are working diligently to determine the exact nature of the compromised information. At this stage, the extent of the impact, including the number of patients affected, remains undetermined.