Four million health records exposed in Colorado data breach

August 24, 2023

The Colorado Department of Health Care Policy and Financing (HCPF) has suffered a data breach that impacted the personal and health information of four million individuals.

The breach was caused by a vulnerability in the MOVEit managed file transfer application, which is used by IBM to move data for HCPF.

The investigation into the breach determined that threat actors accessed sensitive data, including full names, Social Security numbers, Medicaid ID numbers, Medicare ID numbers, dates of birth, home addresses, and other contact information. However, financial information such as credit card numbers was not exposed.

HCPF is offering potentially impacted individuals two years of free credit monitoring and identity restoration services. The agency is also reviewing its cybersecurity policies and practices to prevent similar data breaches in the future.

This is the latest in a series of data breaches that have impacted Colorado organizations. In 2022, the Colorado Department of Higher Education suffered a ransomware attack that exposed the personal information of current and former students and educators. And in 2021, Colorado State University disclosed a data breach that exposed the personal information of students, faculty, and staff.

Previous victims of the MOVEit data breach include the U.S. Department of Energy, Schneider Electric, Siemens Energy, Shell, Louisiana’s Office of Motor Vehicles, Norton’s parent company Gen Digital, and German Banks Deutsche Bank AG, Commerzbank, and ING.

The sources for this piece include an article in CPOMAGAZINE.

Top Stories

Related Articles

June 9, 2026 Hackers exploited Meta’s AI-powered support chatbot to gain control of Instagram accounts, including several high-profile profiles. Meta more...

June 5, 2026 Security researchers have disclosed a new denial-of-service attack called HTTP/2 Bomb that can overwhelm major web servers more...

May 20, 2026 The Cybersecurity and Infrastructure Security Agency, the arm of the U.S. government tasked with protecting critical infrastructure more...

May 11, 2026 Instructure has restored access to its Canvas learning platform after a cyberattack disrupted service for universities and more...

Jim Love

Jim is an author and podcast host with over 40 years in technology.

Share:
Facebook
Twitter
LinkedIn