The MOVEit data breach which has been raging since early this year has claimed over 620 banks, hospitals, financial institutions, and government agencies, and continues to add multiple victims daily with millions of people affected. There is no telling how many companies and individuals will be impacted by the time it’s over, but the MOVEit data breach will certainly go down in history as one of the most successful hacks of all time.

In a new announcement that dramatically changes the scale of the breach, The Colorado Department of Health Care Policy & Financing (HCPF) is alerting more than four million Medicaid recipients of a data breach impacting them as a result of IBM the cloud hosting vendor getting hacked via the MOVEit zero day vulnerability.

Unfortunately for all those affected the investigation revealed that the threat actors managed to access and likely exfiltrate files that contained certain Health First Colorado and Child Healthplan Plus members’ information, including:

  • Full names
  • Social Security Numbers (SSNs)
  • Medicaid ID number
  • Medicare ID number
  • Date of Birth
  • Home address
  • Contact information
  • Income information
  • Demographic data
  • Clinical data (diagnosis, lab results, treatment, medication)
  • Health insurance information


What ongoing data breach events are we talking about?

In early 2023 the cyber community became aware that a tool name MOVEit, which is widely used for moving data by companies, had been compromised by the Russian speaking Clop ransomware gang and was being used to commit cyber crime. In recent weeks however the scope and scale of this event has begun to dramatically expand. What was initially being reported by CNN as a limited event affecting only a few agencies in a few states, has continued to grow in size daily as more and more high profile victims are added to the list.

Check back often to keep an eye on the end of this previous BLOG post for recent headlines and breach announcements regarding the MOVEit breach.

How does that affect me?

You may have never heard of MOVEit before and you’re thinking this doesn’t represent a risk in your business, unfortunately it may be there without you knowing it. Because this product was so widely used, you may have software applications or systems on your network that come from vendors who do use MOVEit.

You can refer to our previous BLOG post for more information on this.

Partnering with a cybersecurity expert like Rocky Mountain Cybersecurity

Supply chain security is a complex and multifaceted issue. One effective way to begin is by partnering with a cybersecurity expert like Rocky Mountain Cybersecurity. We have a wealth of experience and expertise in this area and can provide the support and guidance you need to ensure a secure and safe future for your business. Don’t go it alone – get in touch with us today and let us help you take the first steps towards a safer tomorrow.


Contact us today!  – 307-288-0222 – –

Victim List:



Elmer Robinson is an IT warrior and cybersecurity subject matter expert who has fought on the front lines of the cybersecurity wars providing business continuity as long as they have existed.. A CISSP since 2008 and a certified network engineer since 1993, Elmer has proven success in delivering comprehensive cybersecurity strategies to every type of industry.