As I tooted earlier this morning on Infosec.Exchange:
One of the MOVEit victims was the Colorado Department of Health Care Policy & Financing, which was notified by IBM of the data breach.
According to their notification, the information types included full name, Social Security number, Medicaid ID number, Medicare ID number, date of birth, home address and other contact information, demographic or income information, clinical and medical information (such as diagnosis/condition, lab results, medication, or other treatment information), and health insurance information.
They have now reported the incident to Maine’s AG as affecting 4,091,794 .
That makes it the biggest or one of the biggest single reports on the MOVEit incident.
Colorado also had 1.7 million patients reportedly affected by a breach involving a second vendor, PH Tech.