Greater Rochester Independent Practice Association reports MOVEit related data breach

On October 26, 2023, the Greater Rochester Independent Practice Association Inc. (GRIPA) reported a data breach stemming from a software flaw in MOVEit, file-transfer application. GRIPA, based in Rochester, New York, is a healthcare organization that collaborates with over 1,300 physicians and their affiliated hospitals.

GRIPA became aware of the MOVEit software vulnerability on May 31, 2023. This vulnerability allowed unauthorized access to files on the GRIPA MOVEit server, which included confidential client data due to GRIPA's role in offering services to healthcare providers and handling patient health information (PHI). The breach was confirmed on June 5, 2023.

Upon discovery, GRIPA conducted a review to understand the extent of the leak and the individuals impacted. The leaked data could include:

• names,
• health information,
• Social Security numbers.

The breach has affected approximately 280,000 individuals.

On 26th of October, 2023, GRIPA dispatched letters to all individuals impacted by this security incident, providing them with specific details regarding the compromised data.