Additional MOVEit-related health data breaches reported

Pennsylvania's Allegheny County, Harris Health Systems, Dallas-based UT Southwestern Medical Center, and Johns Hopkins All Children's Hospital have disclosed experiencing health data breaches as a result of the widespread Cl0p ransomware attack involving the exploitation of a vulnerability in the MOVEit Transfer file transfer app, HealthITSecurity reports. Allegheny County reported that some of the 689,686 individuals whose Social Security numbers, taxpayer identification numbers, and driver's license numbers were exposed following the hack also had their health insurance information, diagnoses, treatment details, and admission dates compromised. Officials have urged continued vigilance among those impacted despite having been informed that Cl0p has deleted the stolen data. On the other hand, almost 224,700 patients at Harris Health Systems had their personal data and care-related information stolen as part of the MOVEit hack, while UTSW said that the breach has impacted the personal health information of 98,437 patients, some of which also had their SSNs compromised. Meanwhile, Johns Hopkins All Children's Hospital may have had patient, employee, and student data affected by the MOVEit breach in the larger Johns Hopkins Health System. Officials emphasized that no electronic personal health records have been impacted but investigation into the extent of the breach is still underway.