In a significant cybersecurity breach, hackers have infiltrated the health data of over eight million Americans. This incident, another glaring example of the fragility of our digital infrastructure, underscores the urgent need to prioritize cybersecurity measures at all levels of government and private sectors.
The contractor at the center of the attack, Maximus, is a significant government services provider. It administers government-backed programs, like Medicaid and Medicare. The software system that was targeted, MOVEit, is a data transfer application utilized by several organizations to transmit sensitive data. The perpetrators, a Russian data extortion group named Clop, has previously exploited this system, impacting over 15 million victims.
— Chris 🇺🇸 (@Chris_1791) July 27, 2023
This hack was facilitated by a critical zero-day vulnerability in the MOVEit system, which Progress Software Corporation, the developer of MOVEit, revealed on May 31, 2023. This flaw allowed unauthorized parties to infiltrate MOVEit’s customer environments and extract private information, ranging from social security numbers to protected health data.
Our government systems are enduring repeated digital invasions, resulting in breaches of crucial databases. This situation is unacceptable in a country that champions innovation and technological prowess. It’s a blatant disregard for our citizens’ privacy, and the government should take swift action to ensure the integrity of its systems.
Maximus has not yet disclosed the specific nature of the health data compromised. Still, it confirms that the impacted files likely contain personal information, from social security numbers to protected health data, affecting 8 to 11 million individuals. If the higher number holds, this breach will become the largest health data violation this year. Also, it stands as the most substantial data breach reported due to the MOVEit mass hacks.
The response to this cyber-attack is underway. Maximus is notifying its customers, federal and state regulators and will soon notify the individuals affected by this breach. Progress Software is slated to expend over $15 million on an investigation, though that number is subject to change. Affected individuals will also be offered free credit monitoring and identity restoration services for the time being. These are necessary steps, but what our digital infrastructure needs is proactive measures to stop these attacks from occurring in the first place.
Clop claims to have extracted 169 gigabytes of data from Maximus, and it’s not alone. Other companies, like Deloitte and Flutter, which owns Fox Bets and Poker Stars, have also fallen victim to Clop’s nefarious activities.
Clop added multiple new victims to their dark web leak site this week alone. Over 500 organizations have been impacted by the MOVEit mass hacks, compromising the personal information of more than 34.5 million people.
We must remember that it’s not about the monetary loss from these attacks but the infringement on the privacy of millions of American citizens that demands attention. It’s high time American leaders take decisive actions to prevent such breaches in the future. Until then, we all are potential victims in the age of digital extortion.