Missouri's Medicaid Program and Mizzou Impacted By Recent Data Breaches
Table of Contents
- By Steven
- Aug 23, 2023
The state of Missouri's low-income Medicaid program through the Department of Social Services is responsible for offering medical insurance to Missourans in need. The program ensures that citizens have access to reliable healthcare with minimal costs to them. The University of Missouri, or Mizzou, is a public research institute that was founded in 1839 and serves as Missouri's largest university. Both of these programs were attacked in the recent MOVE-it data breach. The breach may have resulted in substantial data losses for everyone involved, and there's reason to suspect that information for thousands of people was lost.
How Did the Attack Occur?
Hackers from the C10p ransomware gang learned of a software bug in the MOVEit secure file transfer service and began exploiting it to harm businesses and organizations using the tool. The bug allowed the hackers to harm more than 600 separate organizations, including Missour's Medicaid program and the University of Missouri. The attacks occurred at the end of May or the beginning of June of 2023, and most organizations are still exploring the overall effects.
What Information Was Viewed or Stolen?
We don't know all the data taken for sure, but we suspect that Social Security Numbers, full names, dates of birth, and some medical and financial information were taken. The data that was accessed was used for eligibility purposes at the University and for the Medicaid program, which means that some sensitive information was likely involved.
How Did the Programs Admit to the Breach?
The Department of Social Services and the State University of Missouri made public announcements explaining the data breach and letting people know what information would be at risk. It's likely that anyone marked as being impacted by this breach will receive a letter in the mail explaining things in more detail. Watch for a letter and use that as an indicator that your data was involved in this chain of data breaches.
What Will Become of the Stolen Information?
The C10p ransomware gang steals information in an attempt to earn money from it. The data stolen will be used to extort officials in an attempt to gather ransoms. If ransoms aren't paid, the information will be resold or used for identity theft attacks, phishing attacks, and in other ways to attempt to collect money.
What Should Affected Parties Do in the Aftermath of the Breach?
If you learn that your information is involved in this data breach, you must protect your data at all costs. That means checking your credit at the bureaus to look for strange changes. You can also put a freeze on your credit as a way to protect it from being misused. If you want to maintain the use of your credit during this time, you can also invest in credit monitoring services to alert you when changes are made to your credit. When you get services to guard your credit, you'll understand when attackers are trying to take advantage of your information.