Health data of over 8 mn people accessed by MOVEit hackers: US govt contractor

San Francisco, Jul 28 (IANS): Maximus, a US government services contracting company, has confirmed that hackers exploited a vulnerability in MOVEit Transfer to access the protected health information of 8 to 11 million individuals.

Maximus is a contractor that manages and administers federal and local government-sponsored programmes, as well as student loan servicing.

The breach is believed to be the largest healthcare data breach of the year, as well as the most serious to result from the MOVEit mass-hackings.

In the US Securities and Exchange Commission (SEC) filing, Maximum revealed that the data was stolen by exploiting a zero-day vulnerability in the MOVEit file transfer application.

The Clop ransomware gang used this flaw to compromise hundreds of high-profile companies around the world.

"The company believes those files contain personal information, including social security numbers, protected health information and/or other personal information, of at least 8 to 11 million individuals to whom the company anticipates providing notice of the incident," the company said in SEC filing.

Moreover, the company said that it began notifying impacted customers as well as federal and state regulators and that the investigation and remediation of the security incident will cost approximately $15 million.

Last month, Clop, the Russia-linked data extortion group behind the MOVEit mass hacks listed several other victims of its mass hack, which also include banks and universities, apart from federal government agencies.

On its website, Clop listed US-based financial services organisations 1st Source and First National Bankers Bank; Boston-based investment management firm Putnam Investments; the Netherlands-based Landal Greenparks; and the UK-based energy giant Shell, among other victims.

Clop contacts its victims to demand a ransom payment to decrypt or delete their stolen files.

According to researchers, Clop may have been exploiting the MOVEit vulnerability as far back as 2021.



Top Stories

Leave a Comment

Title: Health data of over 8 mn people accessed by MOVEit hackers: US govt contractor

You have 2000 characters left.


Please write your correct name and email address. Kindly do not post any personal, abusive, defamatory, infringing, obscene, indecent, discriminatory or unlawful or similar comments. will not be responsible for any defamatory message posted under this article.

Please note that sending false messages to insult, defame, intimidate, mislead or deceive people or to intentionally cause public disorder is punishable under law. It is obligatory on Daijiworld to provide the IP address and other details of senders of such comments, to the authority concerned upon request.

Hence, sending offensive comments using daijiworld will be purely at your own risk, and in no way will be held responsible.