TECH- Colorado Medicaid members’ data may have been stolen in cyberattack

MM Curator summary

The article below has been highlighted and summarized by our research team. It is provided here for member convenience as part of our Curator service.


[MM Curator Summary]: Oopsie.



Clipped from:

Vendor used compromised MOVEit software


A laptop displays a message after being infected by a ransomware as part of a worldwide cyberattack on June 27, 2017 in Geldrop.

People covered by Medicaid or Child Health Plan Plus should take steps to protect their identities after their information likely was exposed in a cyberattack, the state agency that runs the programs said Friday.

On Thursday, several U.S. government agencies announced they’d been hit by an attack on a piece of software called MOVEit, which allows organizations to transfer large files in a way that’s similar to consumer products like Dropbox.

A criminal group called Clop has claimed responsibility and demanded extortion payments from companies, but said it didn’t mean to hit government agencies and would delete their data, according to The Washington Post. There’s no way to hold it to that promise, though.

The Colorado Department of Health Care Policy and Financing announced Friday that a vendor it worked with had used MOVEit, and there’s a good chance that Medicaid and Child Health Plan Plus members’ information may have been stolen. The department will notify individuals once it knows who was affected, it said.

The department recommended that anyone who has been covered by either program since 2015 monitor their credit reports and consider asking the credit monitoring agencies to freeze their files. It also said it’s a good idea to change passwords on your online accounts; request an Identity Protection PIN from the Internal Revenue Service so someone else can’t claim your refund; and register for a account if you are eligible for Social Security benefits.

Sign up for our weekly newsletter to get health news sent straight to your inbox.