UMass Chan Medical School in Worcester Mass hit with major data breach affecting 130,000 persons

Posted on

A cyber attack resulted in a massive data breach at the UMass Chan Medical school affecting over 130,000 Massachusetts residents. Those affected will get notifications starting this week. Personal data including Social Security numbers to health information ā€” may have been compromised.

Those enrolled in specific health-related state programs provided by UMass Chan for the Executive Office of Health and Human Services were affected. TheĀ breachĀ occurred in June and involved the software of a widely-used file transfer program calledĀ MOVEit, according to the state.

Reports stated that the cyberattack involved exploiting a weakness in the MOVEit program, owned by Massachusetts-based Progress Softwareā€™s; a managed file transfer service used by thousands of organizations to securely transfer large amounts of sensitive information. It affected some 620 companies and roughly 40 million people.

The data breach was worldwide, impacting numerous agencies on state and federal levels, financial services firms, pension funds and other companies and nonprofit agencies that had subscribed to the program. In Massachusetts, UMass Chan was using the software program to transfer files as part of the service provided by the medical school to state Health and Human Services agencies and programs.

None of the systems used by the state or UMass Chan were affected by the breach.

An investigation by UMass Chan found that the affected individuals who are current or recent past participants in the following programs: MassHealth Premium Assistance Members, MassHealth Community Case Management, State Supplemental Program, Family Resources Center and Executive Office of Elder Affairs and Aging Services Access Point; primarily home care program consumers.

Stolen information could include birthdates, addresses, health information and health insurance information including policy numbers, Social Security numbers and financial account information. The data breach could also affect household members of the enrolled participants.

JEFFREY NEWMAN IS A WHISTLEBLOWER LAWYER WHO HANDLES HEALTHCARE FRAUD CASES UNDER THE FALSE CLAIMS ACT (QUI TAM). HE CAN BE REACHED AT 617-823-3217