May 24, 2024

Oregon Health Plan members impacted by Progress MOVEit software breach

PORTLAND, Ore. (KOIN) – The Oregon Health Authority announced on Wednesday that Oregon Health Plan members were impacted by a data breach and is urging enrollees to take steps to protect their personal information.

OHA said they were informed of the breach by Performance Health Technology, a private-sector vendor that helps manage OHP member data. According to Performance Health Technology, the breach allowed hackers to access personal information of about 1.7 million members due to a security vulnerability from the Progress MOVEit software.

OHA said the breach did not compromise state systems.

Performance Health Technology told state officials they conducted extensive forensic analysis through July 25 to identify those impacted and notify them. The company said they started mailing notification letters on July 31 to those affected by the breach and is offering free credit monitoring.

“We’re urging OHP members to activate credit monitoring as a precaution,” said Dave Baden, interim director at OHA. “It’s disheartening that bad actors are looking to exploit people in our state and that their actions create a burden for others, who have more than enough to manage already. However, there are important steps that OHP members can take to further protect their data.”

OHA is encouraging OHP members to watch for more information in the mail from Performance Health Technology with instructions to activate 12 months of free identity theft protection. OHP members can also request a free credit report along with credit reports from Equifax, TransUnion and Experian.

Additionally, OHP members can receive free ID theft recovery services from Performance Health Technology if needed.

In a statement, Performance Health Technology said “Progress MOVEit, a platform Performance Health Technology (PH TECH) uses to exchange files with customers and trading partners, recently experienced a security incident compromising select member data files. When PH TECH became aware, we took immediate action to move the platform offline, launch a formal investigation and engage a forensic cybersecurity organization to assess the impact and develop mitigation strategies.”

“Our investigation determined that Progress MOVEit’s software was compromised and that some PH TECH files were downloaded by an unauthorized entity. We believe a combination of some personal information and protected health information was compromised, including select individuals’ enrollment, authorization and claims data, names, dates of birth, addresses, member identification and social security numbers,” Performance Health Technology added.

“While these types of security events happen often across the world and a variety of technologies, they are never taken lightly by PH TECH. The security of our members’ data is our top priority, and we take our responsibility to maintain data security very seriously. PH TECH is working to create additional safeguards and precautions and has implemented several mitigation strategies to prevent this type of issue from happening again.”

The data breach comes months after a massive hack at the Oregon Department of Transportation that impacted 90% of Oregonians’ driver’s licenses and state IDs. The hack was part of a global data breach involving the data software MOVEit Transfer.

Umpqua Bank was also impacted by the MOVEit hack.

Leave a Reply

Your email address will not be published. Required fields are marked *