More than a year after other victims of the MOVEit hacking incident notified people, the the Centers for Medicare & Medicaid Services (CMS) and Wisconsin Physicians Service Insurance Corporation (WPS) are notifying people whose protected health information was acquired by the Clop gang:
The MOVEit data breach may be long in the rear-view mirror, but healthcare entities and patients are still feeling the ripple effects.
On Friday, the Centers for Medicare & Medicaid Services (CMS) sent out an alert notifying the public that Wisconsin Physicians Service Insurance Corporation (WPS) had inadvertently leaked personally identifiable information on patients to an unauthorized third party, potentially leading to data from Medicare beneficiaries being exposed to cybercriminals.
However, the incident where WPS’s data was accessed and moved happened as a result of the MOVEit vulnerability, first discovered in May 2023 and patched a month later.
A July 2024 investigation by WPS uncovered the more than a year old leak, a statement from CMS and WPS said. Before that, it went unnoticed.
Read more at HealthExec.