Updated on: February 22, 2024
In the latest update on the MOVEit data security incident, the Missouri Department of Social Services (DSS) has released a warning about Medicaid information being exposed during the breach.
Earlier this year, the MOVEit file transfer service was breached by the Cl0p ransomware gang, resulting in over 600 companies and various state and federal government organizations around the world facing extensive data breaches.
This week, the Missouri Department of Social Services disclosed that their patient’s Medicare information was stolen via the data breach on IBM; vendors for the agency who were using the MOVEit file transfer service during the critical breach.
The information that was breached includes the patient’s name, date of birth, eligibility status, coverage and claims, and Department Client Number (DCN).
“IBM notified DSS of the incident on June 2, 2023, informing DSS that IBM had applied any
recommended MOVEit software fixes and had stopped using the MOVEit Transfer application
while they investigated to determine if any DSS data had been accessed,” states the report by the DSS.
“The data vulnerability did not directly impact any DSS systems, but impacted data belonging to DSS,” they say. “DSS took immediate steps in response to this incident that are ongoing.”
Earlier this week, IBM told Bleeping Computer that they’ve taken steps to minimize the impact of the breach, as well as severing ties with the MOVEit file transfer service. The report by the DSS also highlights that they’re working with the proper authorities to combat the threat and to understand exactly what data was lost.
“DSS is continuing to investigate this incident, and we will take all appropriate actions to protect and safeguard Missourians’ information that has been entrusted to DSS.”
If you believe you were impacted by this breach, the DSS is working with three major reporting services (TransUnion, Equifax, and Experian) to provide free credit freezing.