AlohaCare reports MOVEit related data breach, impacts 12k individuals

On the 3rd of November AlohaCare reported a data breach caused by the MOVEit file-transfer application. AlohaCare, established in 1994 and headquartered in Honolulu, Hawaii, is a non-profit entity offering health plan services.

On May 31, 2023, AlohaCare was made aware of a significant cybersecurity issue affecting the MOVEit application, developed by Progress Software. This previously unidentified critical flaw in MOVEit allowed unauthorized parties to infiltrate the servers of various businesses, including AlohaCare's.

In response to the exposure of the MOVEit vulnerability, AlohaCare engaged a cadre of cybersecurity professionals to support an extensive investigation. This inquiry substantiated the occurrence of unauthorized access to patient data. The nature of the exposed information may vary from one individual to another but potentially includes sensitive details such as:

• names,
• Social Security numbers,
• residential address,
• date of birth.

A total of 12,982 individuals are impacted by the breach.

Subsequent to the findings of their investigation, on November 3, 2023, AlohaCare dispatched letters to all individuals impacted by the security incident, informing them of the specific details of their personal information that were compromised.