DENVER — The Colorado Department of Health Policy and Finance was recently notified of a data breach affecting the personal and protected health information of an unspecified number of people. According to HCPF, no systems were compromised, rather the issue affected vendor software used by many organizations.
progress softwareThe maker of the MOVEit transfer application announced in late May that it had found evidence of a cybersecurity incident. The company notified its partners, including his IBM, a vendor of HCPF, of the problem. MOVEit is used to encrypt files during transfer between computer networks.
Colorado Department of Health Policy and Finance Launches Internal Investigation Check if your internal systems have been compromised. As of June 13, the organization determined that no systems in Colorado or his HCPF had been compromised by an unauthorized party, but the files used by IBM in the MOVEit transfer application he said were around May 28. was compromised and copied by
Information that could be affected in an attack on the MOVEit application system includes patient names, Social Security numbers, Medicaid ID numbers, Medicare ID numbers, dates of birth, home addresses and other contact information, demographics or Includes income information, clinical and medical information (etc.). diagnosis/condition, test results, medication, or other treatment information), and health insurance information.
HCPF has announced that it will provide potentially affected individuals with two years of free credit monitoring and identity recovery services offered through Experian. The organization did not provide an estimate of how many people could be affected by this security breach.
If you have not received written notice of this incident and believe you may have been affected, please call HCPF at 833-346-1583. Business hours are as follows.
- Monday to Friday, 7am to 9pm
- Saturday and Sunday 9am-6pm
Be prepared to provide contract number B100639.
For more information on this incident, please visit the HCPF site.
This article has been updated to reflect compromises attributed to the vendor and not HCPF.