IBM MOVEit Cyberattack Exposes Data of 4 Million US Patients

The file transfer app MOVEit has been exploited yet again, and the perpetrator remains at large.

The private healthcare data of over four million Colorado citizens has been compromised, after threat actors successfully exploited a vulnerability in the MOVEit transfer app used by IBM.

The attack was made possible after the Russian ransomware gang Clop first exploited the MOVEit vulnerability in June, in a seismic cyberattack that affected hundreds of global organizations including The US Department of Energy, the BBC, and Shell Gas.

The breach, which also impacted Missouri’s Department of Social Services (DSS), occurred just a week after Colorado’s Department of Higher Education fell victim to a similar MOVEit exploit that wiped 16 years’ worth of data from its systems.

Private Healthcare Information Stolen in Latest MOVEit Exploit

MOVEit’s file transfer vulnerability has claimed yet another victim. Colorado’s HCPF has recently notified over four million individuals about a May 2023 hack that led to their personal and health information being compromised.

In HCPF’s data breach notification, the agency explained the data was compromised because one of the state’s main hardware providers IBM “uses the MOVEit application to move HCPF data files in the normal course of business.”

Surfshark logo🔎 Want to browse the web privately? 🌎 Or appear as if you're in another country?
Get a huge 86% off Surfshark with this special offer.See deal button

It states that while their systems weren’t exploited directly, “certain HCPF files on the MOVEit application used by IBM were accessed by the unauthorized actor”.

These files stolen by the unauthorized actor contained sensitive information relating to approximately 4,091,794 individuals, including full names, social security numbers (SSNs), Medicaid ID numbers, Medicare ID numbers, dates of birth, clinical health care data, and more.

HPCF has pledged to provide victims with two years of credit monitoring services via Experian to counteract fraud attempts like phishing attacks.

News of IBM’s exploit broke just a week after the Colorado Department of Higher Education (CDHE) announced it experienced a ransomware attack that wiped data dating back to 2004.

Fortunately, no HCPF or Colorado state government data was leaked in either attack — but other recent MOVEit victims haven’t been so lucky.

Hack Also Exposes Medicaid Data in Missouri

Colorado wasn’t the only state to get tangled up in IBM’s recent security breach. The MOVEit hack also affected Missouri’s Department of Social Services (DSS) – a state agency that also uses IBM as a vendor – although the scale of the impact is currently unknown.

In a recent data breach notification, the state agency explained while “the data vulnerability did not impact any DSS systems” it did impact “data belonging to DSS”. They confirmed that this includes health information belonging to Medicaid participants in Missouri.

“”Upon receiving a security bulletin from Progress, we severed interaction of MOVEit Transfer with the department’s IT systems to avoid any further impact to Missouri citizens and their data. No IBM systems were impacted.” – Missouri’s Department of Social Services

Compromised data included individuals’ names, dates of birth, and medical claims. However, only two social security numbers were exposed and no banking information was breached in the attack.

MOVEit Exploit Claims More Victims

News of these healthcare attacks emerged just two months after the Russian ransomware group Clop threatened to publically expose MOVEit victims that didn’t corporate. The ransomware gang gave the affected organizations until June 21 to pay their ransoms, threatening to publish their private information if demands weren’t met.

A number of high-profile names were spotted on this list, including The US Department of Energy, John Hopkins University, 1st Source Bank, and Shell Gas. However, Clop hasn’t claimed responsibility for the IBM hack, and neither the HCPF nor the DSS has appeared on the gang’s victim list — raising doubt about whether they were involved with these attacks.

But whether or not Clop is behind these latest attacks, one thing is for certain: we can be sure to expect more MOVEit mass exploits in the future.

Did you find this article helpful? Click on one of the following buttons
We're so happy you liked! Get more delivered to your inbox just like it.

We're sorry this article didn't help you today – we welcome feedback, so if there's any way you feel we could improve our content, please email us at

Written by:
Isobel O'Sullivan (BSc) is a senior writer at with over four years of experience covering business and technology news. Since studying Digital Anthropology at University College London (UCL), she’s been a regular contributor to Market Finance’s blog and has also worked as a freelance tech researcher. Isobel’s always up to date with the topics in employment and data security and has a specialist focus on POS and VoIP systems.
Explore More See all news
Back to top
close Thinking about your online privacy? NordVPN is's top-rated VPN service See Deals