Tens of thousands of people from Massachusetts were notified that they fell victim to a MOVEit data breach, the state’s Executive Office of Health and Human Services announced in a August 15 press release.
UMass Chan Medical School notified more than 134,000 residents that their personal information was involved in the recent MOVEit breach – a worldwide data security incident involving a file-transfer software program which has impacted state and Federal government agencies, financial services firms, pension funds, and many other types of companies and nonprofit organizations.
The Massachusetts health officials said that exposed data varies by person, but in each case, it includes the person’s name and at least one other piece of information like date of birth, mailing address, protected health information like diagnosis and treatment details, Social Security number, and financial account information.
“State Supplement Program (SSP) participants (including recipients, other members of the household and authorized representatives), MassHealth Premium Assistance members, MassHealth Community Case Management participants, and Executive Office of Elder Affairs (EOEA) and Aging Services Access Points (ASAP) home care program consumers were primarily impacted,” the press release states. “If you do not participate in one of those programs, it is unlikely your data was exposed.”
People whose information was compromised will begin receiving letters from UMass Chan and the state, health officials said, with specific information on which pieces of their information were exposed and steps they can take to protect their identity and data.
UMass Chan learned about the issues with MOVEit on June 1, and “immediately fixed the vulnerability, contacted law enforcement, launched an investigation and worked to identify the individuals whose information was involved,” the press release says. The medical school identified files that may have been subject to unauthorized acquisition and on July 27 determined that some of these files contained information related to people who received state HHS services.
Officials are encouraging impacted individuals to remain vigilant by reviewing their financial account statements.
“If you see charges or activity that you did not authorize, contact your financial institution immediately,” the officials said. “Take steps to protect your accounts by contacting your bank, credit union, or financial institution immediately by using the number on the back of your bank card or by visiting in person to notify them of your involvement in this security incident.”
UMass Chan is offering free credit monitoring and identity theft protection services to individuals whose Social Security numbers and financial information were involved in this incident.