CBIZ KA, a third-party vendor for Prime Healthcare (Prime), discovered a security incident involving CBIZ’s use of MOVEit Transfer software, which has recently reported a security vulnerability. Prime takes the responsibility of safeguarding your information very seriously, and while Prime systems were not involved in the incident, CBIZ KA uses MOVEit Transfer to securely transfer data files in the normal course of business.
CBIZ KA promptly launched an investigation, with the assistance of cybersecurity professionals, into the nature and scope of the MOVEit vulnerability. On September 20, 2023 CBIZ KA sent Prime Healthcare the files of its patients involved, which contained the name and one or more of the following for certain patients: date of birth, address, medical record number, Social Security Number, admission date, and discharge date.
The identified vulnerability on the MOVEit Transfer server has been patched. CBIZ KA also reviewed the protocols in place with vendors to help prevent something like this from happening again.
For eligible individuals whose Social Security numbers may have been involved in the incident, CBIZ KA is offering complimentary credit monitoring and identity protection services through Kroll. If you believe you are affected by this incident and do not receive a notice letter by Wednesday, December 13th, please call (866) 547-6909, Monday through Friday, between 9:00 a.m. to 6:30 p.m. Eastern Time (excluding major U.S. holidays).
Source: Saint Michael’s Medical Center, December 4
NOTE:
DataBreaches contacted Prime Healthcare to inquire how many of their hospitals and locations were affected. Elizabeth Nikels Prime Healthcare Vice President, Communications and Public Relations responded that nine of the Prime hospitals were affected by their vendor’s breach. None of the facilities use MOVEit, but their vendor does. Prime Healthcare has 45 hospitals and more than 300 outpatient locations in 14 states. In addition to Saint Michael’s Medical Center, Roxborough Memorial Hospital, Garden City Hospital, Landmark Medical Center, Lower Bucks Hospital, Saint Clare’s Hospital, Lake Huron Medical Center, St. Mary’s General Hospital, and Suburban Community Hospital.