Colorado Department of Health Care Policy and Financing Announces Third-Party Data Breach

Console and Associates, P.C.

On August 11, 2023, the Colorado Department of Health Care Policy and Financing (“Colorado HCPF,” “CHCPF”) filed a notice of data breach with the Attorney General of Maine related to a vendor’s use of MOVEit. In this notice, CHCPF explains that the incident resulted in an unauthorized party being able to access consumers’ sensitive information, which includes their names, Social Security numbers, dates of birth, addresses, health information, and demographic information. Upon completing its investigation, CHCPF began sending out data breach notification letters to all individuals whose information was affected by the recent data security incident.

If you received a data breach notification from the Colorado Department of Health Care Policy and Financing, it is essential you understand what is at risk and what you can do about it. A data breach lawyer can help you learn more about how to protect yourself from becoming a victim of fraud or identity theft as well as discuss your legal options following the Colorado HCPF data breach. For more information, please see our recent piece on the topic here.

What Caused the Data Breach Affecting the Colorado HCPF?

The Colorado HCPF data breach was only recently announced, and more information is expected in the near future. However, CHCPF’s filing with the Attorney General of Maine provides some important information on what led up to the breach. According to this source, CHCPF relies on third-party vendors to perform certain services. One of these vendors uses a program called MOVEit to securely transfer files.

However, on May 31, 2023, Progress Software, the developer of MOVEit, announced a critical, zero-day vulnerability within MOVEit. In response, CHCPF launched an investigation to determine whether Health First Colorado or CHP+ members’ protected health information was accessed by an unauthorized party. On June 13, 2023, the CHCPF investigation confirmed that an unauthorized party was able to access member information through the vendor’s compromised MOVEit on May 28, 2023. No CHCPF systems were impacted.

After learning that sensitive consumer data was accessible to an unauthorized party, Colorado HCPF reviewed the compromised files to determine what information was leaked and which consumers were impacted. While the breached information varies depending on the individual, it may include your name, Social Security number, date of birth, address, health information, and demographic information.

On August 11, 2023, Colorado HCPF sent out data breach letters to anyone who was affected by the recent data security incident. These letters should provide victims with a list of what information belonging to them was compromised.

More Information About Colorado Department of Health Care Policy and Financing

The Colorado Department of Health Care Policy and Financing (HCPF) is the state-level government entity that oversees Health First Colorado (Colorado’s Medicaid program), Child Health Plan Plus (CHP+), and other healthcare programs for Coloradans who qualify.

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations. Attorney Advertising.

© Console and Associates, P.C.
