Oregon Health Plan impacted by MOVEit related breach, exposing 1.7 million customers

Oregon Health Plan reports that the personal information of as many as 1.7 million clients are potentially compromised after hackers successfully breached the computer system of PH Tech, a technology contractor providing services to the Oregon Health Plan.

The hackers exploited a security vulnerability in Progress MOVEit software. This marks the second time that hackers have accessed the personal data of Oregonians through this software. In a previous incident, the Oregon Department of Transportation had announced that the state's Department of Motor Vehicles (DMV) had also fallen victim to hackers, putting all Oregon driver's license holders at risk of data breach.

The information exposed in the breach is believed to include sensitive personal data such as

• client names,
• dates of birth,
• social security numbers,
• mailing addresses,
• email addresses.
• health records,
• diagnoses,
• medical procedures,
• insurance claims,
• member and plan identification numbers.

PH Tech is responsible for providing services to various coordinated care organizations that offer preventative and support services to members of the Oregon Health Plan. The contractor began sending notification letters to affected individuals on July 31, informing them of the breach and its potential impact on their personal information. As a precautionary measure, PH Tech is offering those affected free credit monitoring services to help protect against identity theft.