{
	"id": "3c694cfb-7d82-4c8b-8066-1f610f196317",
	"created_at": "2026-04-06T00:09:15.42762Z",
	"updated_at": "2026-04-10T03:20:23.890693Z",
	"deleted_at": null,
	"sha1_hash": "a62fe61131db070f5527ff18c62d26ba22f7384a",
	"title": "Missouri warns that health info was stolen in IBM MOVEit data breach",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 1480314,
	"plain_text": "Missouri warns that health info was stolen in IBM MOVEit data breach\r\nBy Lawrence Abrams\r\nPublished: 2023-08-09 · Archived: 2026-04-05 13:20:01 UTC\r\nMissouri's Department of Social Services warns that protected Medicaid healthcare information was exposed in a data\r\nbreach after IBM suffered a MOVEit data theft attack.\r\nThe attack was conducted by the Clop ransomware gang, who began hacking MOVEit Transfer servers on May 27th using a\r\nzero-day vulnerability tracked as CVE-2023-34362.\r\nThese attacks allowed the threat actors to steal data from over 600 companies worldwide, including companies, educational\r\norgs, federal government agencies, and local state agencies.\r\nhttps://www.bleepingcomputer.com/news/security/missouri-warns-that-health-info-was-stolen-in-ibm-moveit-data-breach/\r\nPage 1 of 4\n\n0:00\r\nhttps://www.bleepingcomputer.com/news/security/missouri-warns-that-health-info-was-stolen-in-ibm-moveit-data-breach/\r\nPage 2 of 4\n\nVisit Advertiser websiteGO TO PAGE\r\nThe ransomware gang is expected to make $75-100 million from these attacks.\r\nMissouri health data exposed\r\nYesterday, the Missouri Department of Social Services disclosed a data breach that exposed health information related to\r\nMedicaid services in the state.\r\n\"The Missouri Department of Social Services (DSS) is responding to a May 2023 data security incident that occurred with\r\nIBM Consulting (IBM) that involved Progress Software's MOVEit Transfer software,\" reads the DSS data breach\r\nnotification.\r\n\"IBM is a vendor that provides services to DSS, the state agency that provides Medicaid services to eligible Missourians.\r\nThe data vulnerability did not directly impact any DSS systems, but impacted data belonging to DSS. DSS took immediate\r\nsteps in response to this incident that are ongoing.\"\r\nIBM confirmed to BleepingComputer yesterday that their MOVEit Transfer server was breached in these attacks, allowing\r\ndata theft.\r\n\"IBM has worked in partnership with the Missouri Department of Social Services to determine and minimize the impact of\r\nthe incident involving MOVEit Transfer, a non-IBM data transfer program provided by Progress Software,\" IBM told\r\nBleepingComputer in a statement.\r\n\"Upon receiving a security bulletin from Progress, we severed interaction of MOVEit Transfer with the department's IT\r\nsystems to avoid any further impact to Missouri citizens and their data. No IBM systems were impacted.\"\r\nAfter analyzing the stolen data, DSS confirmed that it contained protected health information for Medicaid participants in\r\nMissouri.\r\n\"The information involved in this incident may include an individual's name, department client number (DCN), date of birth,\r\npossible benefit eligibility status or coverage, and medical claims information,\" explains the DSS notification.\r\n\"DSS is still reviewing the files associated with this incident. This will take us some time to complete. These files are large,\r\nare not in plain English, and are not easily readable because of how they are formatted.\"\r\nThe agency told BleepingComputer that the investigation has revealed that only two (2) social security numbers were\r\nexposed and no banking information has been identified.\r\nDSS warns that due to the size of the stolen files and how they are formatted, it may take some time to analyze the data and\r\nfully determine the scope of the data breach.\r\nHowever, DSS told BleepingComputer that out of an abundance of caution they are sending notifications to all Missouri\r\nMedicaid participants that were enrolled in May of 2023.\r\nThe Missouri Department of Social Services suggests that individuals freeze their credit to prevent threat actors from\r\nopening new accounts or borrowing money under their name.\r\nThe agency also recommends that those impacted monitor their credit reports for unusual activity.\r\nThe MOVEit Transfer attacks have impacted other state agencies, including the Louisiana and Oregon Department of Motor\r\nVehicles, who warned in June that millions of state IDs were stolen.\r\nhttps://www.bleepingcomputer.com/news/security/missouri-warns-that-health-info-was-stolen-in-ibm-moveit-data-breach/\r\nPage 3 of 4\n\nAutomated Pentesting Covers Only 1 of 6 Surfaces.\r\nAutomated pentesting proves the path exists. BAS proves whether your controls stop it. Most teams run one without the\r\nother.\r\nThis whitepaper maps six validation surfaces, shows where coverage ends, and provides practitioners with three diagnostic\r\nquestions for any tool evaluation.\r\nSource: https://www.bleepingcomputer.com/news/security/missouri-warns-that-health-info-was-stolen-in-ibm-moveit-data-breach/\r\nhttps://www.bleepingcomputer.com/news/security/missouri-warns-that-health-info-was-stolen-in-ibm-moveit-data-breach/\r\nPage 4 of 4",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://www.bleepingcomputer.com/news/security/missouri-warns-that-health-info-was-stolen-in-ibm-moveit-data-breach/"
	],
	"report_names": [
		"missouri-warns-that-health-info-was-stolen-in-ibm-moveit-data-breach"
	],
	"threat_actors": [],
	"ts_created_at": 1775434155,
	"ts_updated_at": 1775791223,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/a62fe61131db070f5527ff18c62d26ba22f7384a.pdf",
		"text": "https://archive.orkl.eu/a62fe61131db070f5527ff18c62d26ba22f7384a.txt",
		"img": "https://archive.orkl.eu/a62fe61131db070f5527ff18c62d26ba22f7384a.jpg"
	}
}