NASCO reports MOVEit related data breach

The healthcare software company, NASCO, reported a data breach that stems from a vulnerability in MOVEit, a third-party secure file-transfer application that NASCO utilizes. This vulnerability allowed unauthorized individuals to access and potentially compromise sensitive consumer data.

 NASCO took action by securing their MOVEit server and launching an investigation to assess the extent of the exposure. Their findings revealed that the unauthorized access specifically targeted their MOVEit server, which contained private information of certain health plan members. The breach was isolated to this server and did not affect other NASCO systems.

The number of affected individuals and the data exposed is not disclosed.

Per information from NASCO, they weren't aware that their stored data on MOVEit might have been compromised until July 12, 2023. This raises a lot of questions about NASCO's management of data since the report about the MOVEit vulnerability was issued from 30th of May.

To address the concerns of those potentially affected, NASCO began the process of notifying impacted individuals by sending out detailed data breach letters in October 2023. These letters aimed to provide a clear understanding of the compromised data and the steps NASCO was taking to rectify the situation.