Health plan provider PH TECH joins MOVEit victim list, 1.7 million exposed


Critically sensitive personal information – including healthcare records – of 1.7 million individuals was exposed as PH TECH becomes the latest victim of the MOVEit attacks.

The Salem, Oregon-based company PH TECH provides health plans with control over benefits, contracts with providers, medical decisions, and care management.

The breach occurred on the 30th of May and was discovered on the 16th of June, according to the company's admission to the Maine Attorney General’s office on the 27th of July.

This makes PH TECH one of the largest MOVEit victims to date. The attack, claimed by the Cl0p ransomware gang, has affected at least 670 organizations and more than 40 million individuals worldwide. Cl0p is a Russia-linked hacking group responsible for mass attacks and its ransomware has been active since 2019.

PH TECH used the third-party software file transfer application Progress MOVEit to support continuous health care management. A security flaw within the application allowed unauthorized access to personal information.

Personal information accessed by cyber-attackers may have included the following:

  • First and last name
  • Email address
  • Date of birth (DOB)
  • Authorization information
  • Social Security number (SSN)
  • Diagnosis and procedure codes
  • Demographic information (address)
  • Claim and billing information
  • Member and plan ID number

PH TECH stated in a notification letter that attackers managed to access personal records stored on its server, and that the company took immediate action to take systems offline to prevent further intrusion.

The Federal Bureau of Investigation (FBI) and Oregon State Police were notified. PH TECH is also working with a cybersecurity firm to investigate precisely how the breach happened and how to remedy the situation.

While PH TECH doesn’t believe that any personal information has been misused, the company encourages affected users to sign up for free IDX identity theft protection services, including 12 months for credit monitoring, identity theft protection, insurance, and dark web monitoring.

The letter also shares recommended steps for protection. These include placing a fraud alert, reviewing credit reports, placing a security freeze, and preventing new accounts from being opened.

“No one is allowed to place a fraud alert on your credit report except you. Doing this is a good way to protect yourself, but it might also cause a delay when you want to apply for a loan or other types of financial credit,” PH TECH noted.

The strict reporting requirements of the State of Maine force companies to disclose cyberattacks affecting any of its residents. The data breach notification shows that only 27 of the affected 1.7 million people reside in Maine.

Cybercriminals can use stolen information to commit fraud, from identity theft and phishing attacks to opening new credit accounts, making unauthorized purchases, or obtaining loans under false pretenses.


More from Cybernews:

Falling prices heat debate: Mac Mini or custom PC for $599

UK govt contractor leaks employee passport data

Zuckerberg to move on as Musk “not serious” about fighting

UK’s NHS recommended to use AI in radiotherapy planning

Hosting service used by criminals taken down in Poland

Subscribe to our newsletter



Leave a Reply

Your email address will not be published. Required fields are markedmarked