MOVEit hack impacts 1.7M Oregon residents’ health data

The Oregon Health Authority has disclosed that 1.7 million Oregon Health Plan members had their protected health information compromised following a data breach of its health data management services provider Performance Health Technology stemming from the widespread Cl0p ransomware attack involving the exploitation of a MOVEit Transfer vulnerability, TechCrunch reports. Aside from accessing Oregon residents' names, birthdates, email and postal addresses, member and plan ID numbers, and Social Security numbers, Cl0p ransomware attackers were also able to obtain plan members' diagnosis and procedure codes, insurance authorizations, claims data, and other sensitive health information, said PH Tech. Meanwhile, Oregon Health Authority Interim Director Deve Baden called on Oregon Health Plan members to enable credit monitoring following the incident, which is the second MOVEit-related data breach to hit the state after the Oregon Department of Transportation confirmed the theft of 3.5 million drivers license and identification cards in June. More than 40 million individuals already had their personal data stolen in the MOVEit hack, according to Emsisoft.