Massachusetts health officials are warning over 134,000 individuals who are currently or were previously enrolled in certain state programs that their personal information has been involved in a recent third-party data security breach. The breach is part of a worldwide incident that involves a file-transfer software program called “MOVEit.”
UMass Chan Medical School first became aware of the vulnerability in MOVEit on June 1. On July 27, UMass Chan discovered that some of the files contained information belonging to individuals who received services from the Executive Office of Health and Human Services. This includes programs such as MassHealth, the State Supplement Program, Family Resource Centers, the Executive Office of Elder Affairs, and Aging Services Access Points. The affected individuals are a subset of current or recent participants in these programs.
The information compromised in the breach varies by person but may include names, dates of birth, mailing addresses, protected health information (such as diagnosis/treatment information, prescription information, provider names, dates of service, claims information, health insurance member ID numbers, and other health insurance-related information), Social Security numbers, and financial account information.
The data breach has impacted not only state and federal government agencies but also financial services firms, pension funds, and other types of companies and non-profit organizations. Fortunately, no UMass Chan or state systems were compromised.
Impacted individuals have been notified by mail and will be contacted through various channels such as phone, text, and email. They are advised to take steps to protect their information, including monitoring their financial account statements and enrolling in free credit monitoring and identity theft protection services offered to those affected by this incident. UMass Chan will provide free credit monitoring and identity theft protection services to individuals whose Social Security numbers and/or financial information were involved.
For more information, individuals can visit the provided link. For further inquiries, individuals who have received a notification about their data being involved can contact 855-862-7769, Monday through Friday from 9 a.m. until 5 p.m.