Missouri Department of Social Services reports MOVEit related data breach
Learn More
The Missouri Department of Social Services is reporting a potential data breach affecting Medicaid recipients, indicating that thousands of individuals' identities may have been compromised due to a cyber attack.
The incident is linked to a data security problem that occurred with IBM Consulting in May 2023 by compromising the MOVEit service used by IBM Consulting. This consulting company offers services to the Department of Social Services, which oversees the state's Medicaid programs.
The breach was initially brought to DSS's attention by IBM on June 2 after the MOVEit vulnerability was reported. IBM promptly implemented software fixes and suspended the use of the application involved in the breach while conducting an investigation. As of now, no impacted DSS systems have been identified by IBM, but monitoring efforts are ongoing.
On June 13, IBM informed the state that it should assume that hackers had gained access to specific files. DSS determined that these files might have contained personal health information of Medicaid participants.
The information exposed during the breach may encompass
- names,
- client numbers,
- dates of birth,
- medical claims data.
No details are disclosed about the number of affected individuals.
The state is currently working on analyzing the precise information affected. Analyzing the affected information is challenging due to the large size of the files, their complex formatting, and the fact that they are not easily readable.
Individuals who might have been impacted will be notified through letters, providing guidance on protecting their personal data.
