Oregon Health Plan is the newest victim of the MOVEit ransomware attack

Oregan Health Plan has announced that 1.7 million Medicaid patients have had their data stolen by the Clop threat group. 

What happened

In June, the Cybersecurity & Infrastructure Security Agency (CISA) announced they had discovered two significant vulnerabilities in the MOVEit Transfer and MOVEit Cloud systems. Both programs are managed file transfer (MFT) solutions that operate on the web. 

Clop ransomware group, linked to Russia, has taken credit for the attack. 

Upon learning about the vulnerability, CISA quickly worked hard to patch the compromises. Nevertheless, the number of victims continues to grow both in the United States and internationally. 

Victimized organizations vary greatly and include companies like Discovery, Warner Bros, Choice Hotels, and many healthcare organizations, including the US Department of Health and Human Services. Clop is now creating websites to leak the data in an effort to pressure organizations into paying the demanded ransom.  

Read more: 

• US government agencies hit in global cyberattack exploiting MOVEit vulnerabilities
• Critical vulnerabilities identified in MOVEit Transfer and MOVEit Cloud

What’s new

One of the most recent organizations to be affected is Oregon Health Plan, which believes that approximately 1.7 million Oregon Medicaid patients have had their data stolen. They were notified of the vulnerability by Progress Software, the parent company of MOVEit, on June 2nd.  

Compromised data includes names, dates of birth, Social Security numbers, mailing and email addresses, and health information, including procedures, claim information, and more. 

In response, Oregon Health Plan is offering free credit monitoring services for all affected members. They also conducted an internal investigation into the breach that was completed on July 25th. The vulnerability has been successfully patched. 

Other organizations, such as the Health Plan of West Virginia, Inc. and Johns Hopkins Health System, have also recently released information confirming they were a victim of the attack. 

What they are saying

The Oregon Health Authority urged members of the Oregon Health Plan to monitor their credit. “It’s disheartening that bad actors are looking to exploit people in our state and that their actions create a burden for others, who have more than enough to manage already,” said Dave Baden, the interim director of the Oregon Health Authority. 

The big picture

As more organizations continue to reel from the attack, it’s still unclear what the full implications may be. Clop appears to be gearing up to sell stolen data if ransoms are not paid, but many organizations have been advised against paying, which is believed to encourage future attacks. 

Attacks from Clop first appeared in 2019, but the group has steadily impacted organizations around the world and continues to exploit vulnerabilities whenever possible, making it unlikely that we have seen the full effects of their attack. 

Organizations should work to be exceptionally diligent as ransomware organizations continue to evolve in complexity and efficacy. 

Related: HIPAA Compliant Email: The Definitive Guide