More than 3.1 million individuals were confirmed by the Centers for Medicare & Medicaid Services to have had their information compromised as a result of the widespread MOVEit hack conducted by the Cl0p ransomware operation against Medicare admin services provider Wisconsin Physicians Service last year, according to BleepingComputer.
Such a development comes after the initial report of the agency detailing that the incident had exposed personally identifiable information from 946,801 individuals failed to account for the people who were deceased or non-beneficiaries whose data had been collected by WPS for CMS, according to a CMS spokesperson. Investigation into the breach revealed that WPS had its network infiltrated before the remediation of the vulnerable MOVEit Transfer instance, enabling the exfiltration of individuals' names, birthdates, Social Security numbers, Taxpayer Identification Numbers, mailing addresses, gender, hospital account numbers, and service dates, as well as Medicare Beneficiary Identifiers and/or Health Insurance Claim Numbers.
