On August 11, 2023, the Colorado Department of Health Care Policy and Financing (“Colorado HCPF,” “CHCPF”) filed a notice of data breach with the Attorney General of Maine related to a vendor’s use of MOVEit. In this notice, CHCPF explains that the incident resulted in an unauthorized party being able to access consumers’ sensitive information, which includes their names, Social Security numbers, dates of birth, addresses, health information, and demographic information. Upon completing its investigation, CHCPF began sending out data breach notification letters to all individuals whose information was affected by the recent data security incident.
If you received a data breach notification from the Colorado Department of Health Care Policy and Financing, it is essential you understand what is at risk and what you can do about it. A data breach lawyer can help you learn more about how to protect yourself from becoming a victim of fraud or identity theft as well as discuss your legal options following the Colorado HCPF data breach. For more information, please see our recent piece on the topic here.
What Caused the Data Breach Affecting the Colorado HCPF?
The Colorado HCPF data breach was only recently announced, and more information is expected in the near future. However, CHCPF’s filing with the Attorney General of Maine provides some important information on what led up to the breach. According to this source, CHCPF relies on third-party vendors to perform certain services. One of these vendors uses a program called MOVEit to securely transfer files.
However, on May 31, 2023, Progress Software, the developer of MOVEit, announced a critical, zero-day vulnerability within MOVEit. In response, CHCPF launched an investigation to determine whether Health First Colorado or CHP+ members’ protected health information was accessed by an unauthorized party. On June 13, 2023, the CHCPF investigation confirmed that an unauthorized party was able to access member information through the vendor’s compromised MOVEit on May 28, 2023. No CHCPF systems were impacted.
After learning that sensitive consumer data was accessible to an unauthorized party, Colorado HCPF reviewed the compromised files to determine what information was leaked and which consumers were impacted. While the breached information varies depending on the individual, it may include your name, Social Security number, date of birth, address, health information, and demographic information.
On August 11, 2023, Colorado HCPF sent out data breach letters to anyone who was affected by the recent data security incident. These letters should provide victims with a list of what information belonging to them was compromised.
More Information About Colorado Department of Health Care Policy and Financing
The Colorado Department of Health Care Policy and Financing (HCPF) is the state-level government entity that oversees Health First Colorado (Colorado’s Medicaid program), Child Health Plan Plus (CHP+), and other healthcare programs for Coloradans who qualify.