PH TECH, a healthcare contractor that provides services to the Oregon Health Plan, has suffered a data breach that exposed the personal and medical information of thousands of members. The breach occurred due to a vulnerability in the MOVEit Transfer software, which PH TECH used to securely transfer files.

PH TECH Data MOVEit Breach

On May 30, 2023, a group of hackers exploited a critical vulnerability affecting MOVEit software, which is used by organizations to securely send and receive sensitive data. Hackers accessed and encrypted the files of several organizations, including PH TECH, and demanded ransom to restore the data. PH TECH learned of this incident on June 16, 2023.

Dustin Childs, who leads threat awareness at Trend Micro’s Zero Day Initiative, highlighted that the zero-day vulnerability affecting MOVEit was one of the most significant in 2023.

Who Was Affected and What Was Compromised?

In its official notice posted on its website on August 1, 2023, PH TECH said it has addressed the technical issue that lead to the breach and notified the approximately 1.7 million Oregon Health Plan members, of the data breach. Compromised data includes:

• Full name
• Date of birth
• Social Security number (SSN)
• Home address
• Member ID number
• Plan ID number
• Email address
• Authorization information
• Diagnosis code
• Procedure code
• Claim information

If you receive a notification from PH TECH, your data may be at risk, and it’s important to take action to protect yourself.

What to Do If You’re Affected by a Data Breach?

It’s no secret that having your personal info leaked puts you at a greater risk of identity theft. With that in mind, here’s some advice/tips:

• Free credit report: You can access your credit report for free and see how your credit activities affect your creditworthiness. To learn how to do this, check out this guide.
• Stay on top of bills: Be aware of what you have to pay and when it is due. If you notice any changes in your bills, such as missing or new ones that you did not authorize, this could mean that someone is using your PII and/or has changed your billing address.
• Bank statements: Review your bank transactions regularly. If you spot a transaction that you did not make, it could be a sign that your identity has been stolen.

Further tips: 

• Check your “my Social Security” account for signs of fraud.
• Check your health insurance records and tax return information.
• Make sure you always have access to sensitive online accounts.
• Watch out for spam emails, texts, and mail.
• Check for physical mail and stolen trash.
• Always know where your ID, credit cards, and other sensitive documents are kept.

Protecting Your Identity and Personal Info 

Compromised personal data can have serious consequences, including identity theft and financial fraud. We would encourage readers to head over to our new FREE ID Protection platform, which has been designed to meet these challenges.  

With ID Protection, you can: 

• Check to see if your data (email address and phone number) has been exposed in a leak, or is up for grabs on the dark web.
• Secure your social media accounts with our Social Media Account Monitoring tool, with which you’ll receive a personalized report.
• Receive the strongest tough-to-hack password suggestions.
• Enjoy a safer browsing experience, as Trend Micro checks websites and prevents trackers. 

All this for free — why not give it a go today? If this article has been an interesting and/or useful read, please SHARE it with family and friends to help keep the online community secure and informed, and consider leaving a like or comment below!