Missouri’s Department of Social Services (DSS) confirmed falling victim to a data breach caused by a vulnerability in the MOVEit file transfer tool, joining the growing list of affected state agencies.
While the exact number of affected individuals remains undisclosed, DSS intends to notify all Missouri Medicaid participants and providers enrolled in May 2023. The breach led to unauthorized access to protected health information, including names, dates of birth, coverage status, and medical claim details. A spokesperson for DSS noted that two social security numbers were also identified in the compromised data batch.
The breach came to light after IBM alerted officials on June 13 regarding the breach of Medicaid participants’ sensitive health information. The impacted data encompassed vital details such as department client numbers, adding to the severity of the incident. The DSS, which provides Medicaid services to eligible Missourians, is currently analyzing the scope of the breach, with ongoing efforts to identify all affected individuals. As part of its response, the agency is sending notifications to potentially impacted individuals, urging them to take immediate steps to protect their personal information, including freezing their credit.
The incident highlights the increasing threats posed by cyberattacks targeting sensitive data, as Missouri becomes one of the first states to announce its exposure to the MOVEit vulnerability. Across various sectors, hundreds of organizations, including government entities and businesses, have reported breaches since the vulnerability emerged in late May.
Emsisoft, a cybersecurity firm tracking the situation, disclosed that 617 organizations have either publicly announced breaches or appeared on the Clop ransomware gang’s leak site. The repercussions extend to other sectors, with Louisiana Office of Motor Vehicles, Oregon Department of Transportation, and TIAA among the entities facing significant breaches. Amid these developments, experts emphasize the need for heightened vigilance and security measures to safeguard against evolving cyber threats.