ABIM, the American Board of Internal Medicine, discloses its disappointment as one of approximately 800 organizations affected by the recent MOVEit Transfer vulnerability. The organization swiftly notifies the diplomate community of the potential exposure of personal data due to this cybersecurity incident. ABIM assures affected individuals that it is actively working with Information Security experts and a leading cyber forensic company to conduct a thorough investigation. The organization promises to contact directly anyone impacted by the incident and provide necessary support, emphasizing its commitment to protecting physicians’ data.
The MOVEit Transfer vulnerability, exploited by hackers through a “zero-day vulnerability,” impacted more than 2,500 known SFTP servers. ABIM explains its use of MOVEit Transfer for secure file transfer in collaborating with third-party vendors related to certification and maintenance of certification processes. ABIM’s security team promptly responded by shutting off the file transfer process and initiating a comprehensive investigation. The organization highlights that the attack was limited to the file transfer service, and other systems remained unaffected, thanks to continuous monitoring and multiple layers of security.
ABIM advises diplomates not to take any action at the moment, assuring them that the organization will reach out to those affected in the coming weeks. The MOVEit Transfer vulnerability is clarified as unrelated to Physician Portal sign-in credentials, alleviating concerns about password changes. However, ABIM encourages diplomates to update their passwords regularly as a general security practice. The organization reiterates its commitment to addressing the incident transparently and providing necessary resources and support to affected individuals at no charge.
