HomeSecurity ArchitectureTEISS - News - Over 1 Million MESVision Customers Affected by MOVEit...

TEISS – News – Over 1 Million MESVision Customers Affected by MOVEit Transfer Breach

Published on

spot_img

California based eye care provider MESVision has reported that the personal information of over 1.1 million patients has been compromised after cyber criminals took advantage of a zero-day vulnerability in Progress Software’s MOVEit Transfer web application.

In a data breach notification submitted to the Attorney General’s office of Maine, Medical Eye Services (MESVision) disclosed that the cyber criminals exploited a zero-day vulnerability in the Progress Software’s MOVEit Transfer web application earlier this year, causing the data of more than 1.1 million patients to be compromised.

Upon being informed by Progress Software, the manufacturer of MOVEit software, MESVision took immediate action by shutting down the affected server. They then launched an internal investigation with the help of third-party cybersecurity experts to fully understand the extent of the incident.

The unauthorized access to the server was discovered to have occurred on May 28, 2023, and May 31, 2023. The affected data included personal information and Social Security Numbers of individuals enrolled in vision benefit plans managed by MESVision. The company’s investigation further revealed that at least 346,828 individuals were impacted by the breach.

Furthermore, Blue Shield California, a client of MESVision, reported a data breach with the state regulator, stating that 664,824 individuals had their personal information compromised in the security incident involving the MOVEit Transfer web application.

In a subsequent filing with the Office of the Maine Attorney General, MESVision identified an additional 2,743 individuals who were impacted by the breach, bringing the total number of affected individuals to at least 1,014,395.

MESVision has taken steps to rebuild the MOVEit system in compliance with vendor requirements and their own security standards. They have also implemented additional technical measures to ensure the security of the system before reactivating it.

In response to the breach, MESVision has advised all affected individuals to remain vigilant and monitor their credit reports for any suspicious activity. The company is also offering a year of complimentary identity monitoring services, including credit monitoring, fraud consultation, and identity theft restoration through Kroll to all affected individuals.

The company has stated that it is committed to safeguarding the information of its patients and is working to prevent such incidents from occurring in the future. They have also expressed their regret for the situation and continue to prioritize the security and well-being of their patients.

Source link

Latest articles

APT36 Hackers Targeting Windows Devices Using ElizaRAT

In recent news, a sophisticated threat actor known as APT36 has been actively targeting...

Influencing People to Win in Cyber

Implementing a zero trust approach in an organization is a complex and multi-faceted process...

Canadian Police Arrest Suspected Hacker Linked to Snowflake Attacks

Canadian authorities have made a breakthrough in a high-profile cybercrime case by arresting a...

Hackers with good intentions should not be punished

The German Federal Ministry of Justice has recently sent out a draft proposal for...

More like this

APT36 Hackers Targeting Windows Devices Using ElizaRAT

In recent news, a sophisticated threat actor known as APT36 has been actively targeting...

Influencing People to Win in Cyber

Implementing a zero trust approach in an organization is a complex and multi-faceted process...

Canadian Police Arrest Suspected Hacker Linked to Snowflake Attacks

Canadian authorities have made a breakthrough in a high-profile cybercrime case by arresting a...
en_USEnglish