The Clop ransomware group’s mass hack attack on MOVEit servers continues to expose more victims. Welltok, a healthcare platform, has notified 3.5 million patients of the breach after confirming that its MOVEit file transfer server was breached on May 30. California’s Sutter Health has also reported that personal information for approximately 845,441 patients was stolen. Welltok has also disclosed that data from the group health plans of Stanford Health Care and Lucile Packard Children’s Hospital Stanford was stolen, affecting 1.6 million patients. Medical Eye Services, a vendor for Blue Shield of California, reported that 664,824 individuals’ names and social security numbers were stolen from its MOVEit server. Medicare contractor Maximus Federal Services has also reported that an additional 330,000 individuals are being notified of their exposed personal identifiable information. In total, over 77 million individuals have been affected by the MOVEit attacks.
The attacks began on May 27 when the Clop ransomware group exploited a zero-day vulnerability in the MOVEit secure file transfer software. At least 2,618 organizations have been affected, with the education, healthcare, and financial and professional services sectors being the most affected. Progress Software, the vendor of MOVEit, is facing a class-action lawsuit and investigations from federal and state regulators. Welltok, California’s Sutter Health, Medical Eye Services, and Maximus Federal Services are just a few of the organizations that have reported breaches of their MOVEit servers.
The victims continue to be counted, with Welltok notifying 3.5 million patients, including those from Stanford Health Care and Corewell Health. Medical Eye Services has seen 664,824 victims, and Maximus Federal Services counts 330,000 victims. The stolen information includes names, social security numbers, birthdates, addresses, contact information, driver’s license numbers, health insurance claims, and prescription information. Some victims may receive new Medicare cards with new unique identification numbers.
Overall, the MOVEit attacks have exposed information on over 77 million individuals, leading to legal action and investigations against Progress Software. The affected organizations are notifying victims and taking measures to rebuild and strengthen their systems.